x/vulndb: origin-validation error in github.com/jub0bs/fcors
Acknowledgement
- [X] The maintainer(s) of the affected project have already been made aware of this vulnerability.
Description
Some CORS middleware (more specifically those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin patterns https://foo.com and https://bar.com (in that order) would yield a middleware that would incorrectly allow untrusted origin https://barfoo.com.
Affected Modules, Packages, Versions and Symbols
Module: github.com/jub0bs/fcors
Package: github.com/jub0bs/fcors
Versions:
- Introduced: 0.8.0
- Fixed: 0.9.0
Symbols:
- AllowAccess
- AllowAccessWithCredentials
- FromOrigins
- Middleware
CVE/GHSA ID
GHSA-v84h-653v-4pq9
Fix Commit or Pull Request
https://github.com/jub0bs/fcors/commit/b5dcb889a49def37d7d9c25deb7135f4eb45625e
References
- https://cwe.mitre.org/data/definitions/346.html
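A regression check for the behaviour described above, added here as an example; it is not code from fcors or from this report. `allowsOrigin`, `wronglyAllowed` and `standIn` are hypothetical names, and `standIn` is a constructed middleware that only models the symptom; to check a real service, pass the CORS middleware it actually builds in place of `standIn`.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// allowsOrigin sends one cross-origin GET through mw and reports whether the response grants origin access.
func allowsOrigin(mw func(http.Handler) http.Handler, origin string) bool {
	req := httptest.NewRequest(http.MethodGet, "https://api.example.test/", nil)
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	mw(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	acao := rec.Header().Get("Access-Control-Allow-Origin")
	return acao == origin || acao == "*"
}

// wronglyAllowed returns the untrusted origins that mw nevertheless allows.
func wronglyAllowed(mw func(http.Handler) http.Handler, untrusted ...string) []string {
	var bad []string
	for _, o := range untrusted {
		if allowsOrigin(mw, o) {
			bad = append(bad, o)
		}
	}
	return bad
}

// standIn is a constructed CORS middleware, not fcors. With loose set it models only the
// advisory's symptom through a suffix match, which is not fcors's actual defect.
func standIn(loose bool, allowed ...string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			o := r.Header.Get("Origin")
			for _, a := range allowed {
				if o == a || loose && strings.HasSuffix(o, strings.TrimPrefix(a, "https://")) {
					w.Header().Set("Access-Control-Allow-Origin", o)
				}
			}
			next.ServeHTTP(w, r)
		})
	}
}

func main() {
	fmt.Println("exact:", wronglyAllowed(standIn(false, "https://foo.com", "https://bar.com"), "https://barfoo.com"))
	fmt.Println("loose:", wronglyAllowed(standIn(true, "https://foo.com", "https://bar.com"), "https://barfoo.com"))
}
```

An empty result from `wronglyAllowed` is the expected outcome for a correctly matching middleware; any returned origin is a finding to fix before release.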