Search
Find a vulnerability
Search criteria
2 vulnerabilities found for go_cors by go_cors_project
CVE-2018-20744 (GCVE-0-2018-20744)
Vulnerability from nvd – Published: 2019-01-28 08:00 – Updated: 2024-08-05 12:12
VLAI
EPSS
VEX
Summary
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106834 | vdb-entryx_refsource_BID |
| https://github.com/rs/cors/issues/55 | x_refsource_MISC |
| https://www.usenix.org/system/files/conference/us… | x_refsource_MISC |
Date Public
2019-01-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:12:28.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106834",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106834"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rs/cors/issues/55"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-06T10:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106834",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106834"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rs/cors/issues/55"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106834"
},
{
"name": "https://github.com/rs/cors/issues/55",
"refsource": "MISC",
"url": "https://github.com/rs/cors/issues/55"
},
{
"name": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf",
"refsource": "MISC",
"url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20744",
"datePublished": "2019-01-28T08:00:00.000Z",
"dateReserved": "2019-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:12:28.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20744 (GCVE-0-2018-20744)
Vulnerability from cvelistv5 – Published: 2019-01-28 08:00 – Updated: 2024-08-05 12:12
VLAI
EPSS
VEX
Summary
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106834 | vdb-entryx_refsource_BID |
| https://github.com/rs/cors/issues/55 | x_refsource_MISC |
| https://www.usenix.org/system/files/conference/us… | x_refsource_MISC |
Date Public
2019-01-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:12:28.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106834",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106834"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rs/cors/issues/55"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-06T10:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106834",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106834"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rs/cors/issues/55"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106834"
},
{
"name": "https://github.com/rs/cors/issues/55",
"refsource": "MISC",
"url": "https://github.com/rs/cors/issues/55"
},
{
"name": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf",
"refsource": "MISC",
"url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20744",
"datePublished": "2019-01-28T08:00:00.000Z",
"dateReserved": "2019-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:12:28.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}