An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qY3I2LW1tamotcGNod84AAwoZ

gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy

Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: over 1 year ago

CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-jcr6-mmjj-pchw, CVE-2017-20146
References: Repository:
Blast Radius: 44.0

Affected Packages
Dependent packages: 11,537
Dependent repositories: 30,713
Affected Version Ranges: < 1.3.0
Fixed in: 1.3.0
All affected versions: 1.2.1
All unaffected versions: 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2