The maintainer(s) of the affected project have already been made aware of this vulnerability.
Description
Some CORS middleware (more specifically those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin patterns https://foo.com and https://bar.com (in that order) would yield a middleware that would incorrectly allow untrusted origin https://barfoo.com.
Acknowledgement
Affected Modules, Packages, Versions and Symbols
CVE/GHSA ID
GHSA-vhxv-fg4m-p2w8
Fix Commit or Pull Request
jub0bs/cors@63900fa
References
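A regression check for the case in the description, added here as an example; it is not code from jub0bs/cors or from the original report. It sends each candidate origin through a CORS middleware and returns the ones that are granted access. `exactOriginCORS` and `allowedOrigins` are hypothetical names, and `exactOriginCORS` is a stand-in exact-match allowlist to be replaced with the middleware under test.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// exactOriginCORS is a hypothetical stand-in (not the jub0bs/cors API): it
// allows an origin only when it equals an allowlist entry byte for byte.
func exactOriginCORS(allowed []string, next http.Handler) http.Handler {
	set := make(map[string]struct{}, len(allowed))
	for _, o := range allowed {
		set[o] = struct{}{}
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add("Vary", "Origin")
		if _, ok := set[r.Header.Get("Origin")]; ok {
			w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
		}
		next.ServeHTTP(w, r)
	})
}

// allowedOrigins sends one GET per candidate origin through h and returns the
// candidates whose response grants access via Access-Control-Allow-Origin
// (either the origin echoed back or the wildcard).
func allowedOrigins(h http.Handler, candidates []string) []string {
	var granted []string
	for _, origin := range candidates {
		// api.example is a constructed placeholder target.
		req := httptest.NewRequest(http.MethodGet, "http://api.example/", nil)
		req.Header.Set("Origin", origin)
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		acao := rec.Result().Header.Get("Access-Control-Allow-Origin")
		if acao == origin || acao == "*" {
			granted = append(granted, origin)
		}
	}
	return granted
}

func main() {
	next := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusNoContent)
	})
	h := exactOriginCORS([]string{"https://foo.com", "https://bar.com"}, next)
	// Constructed probe set: both configured origins plus the untrusted
	// origin named in the description, which must not be granted.
	probes := []string{"https://foo.com", "https://bar.com", "https://barfoo.com"}
	fmt.Println(allowedOrigins(h, probes))
}
```

Run against a real middleware, any origin in the result that is not in the configured list indicates the behaviour described above.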