216.73.217.172

CVE-2019-25211

· Published 29/06/2024 00:15 · Modified 29/06/2024 00:15

Labels: CVE-2019-25211 2024-06-29CVE-2019-25211[email protected]

Essential information

Published
29/06/2024 00:15
Modified
29/06/2024 00:15
Author
Creator
CISA KEV
No
CWE

Description

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References