EPSS Percentile: 54.8%
github.com/gorilla/handlers is vulnerable to authorization bypass. The vulnerability exists in the ServeHTTP function in cors.go because CORS headers are improperly implemented, which allows an attacker to bypass header values.
bugzilla.redhat.com/show_bug.cgi?id=2158262
github.com/advisories/GHSA-jcr6-mmjj-pchw
github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145
github.com/gorilla/handlers/pull/116
pkg.go.dev/vuln/GO-2020-0020