id: GO-2020-0020
modules:
    - module: github.com/gorilla/handlers
      versions:
        - fixed: 1.3.0
      vulnerable_at: 1.2.1
      packages:
        - package: github.com/gorilla/handlers
          symbols:
            - cors.ServeHTTP
summary: Improper access control in github.com/gorilla/handlers
description: |-
    Usage of the CORS handler may apply improper CORS headers, allowing the
    requester to explicitly control the value of the Access-Control-Allow-Origin
    header, which bypasses the expected behavior of the Same Origin Policy.
published: 2021-04-14T20:04:52Z
ghsas:
    - GHSA-jcr6-mmjj-pchw
credits:
    - Evan J Johnson
references:
    - fix: https://github.com/gorilla/handlers/pull/116
    - fix: https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145
cve_metadata:
    id: CVE-2017-20146
    cwe: 'CWE 284: Improper Access Control'
review_status: REVIEWED