CVE-2018-20744
MEDIUMgo_cors < 1.3.0 - Origin Validation Error via Wildcard CORS Policy
Title source: llmDescription
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
References (3)
Core 3
Core References
Third Party Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106834
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/rs/cors/issues/55
Third Party Advisory x_refsource_misc
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf
Scores
CVSS v3
5.9
EPSS
0.0072
EPSS Percentile
48.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-346
Status
published
Products (3)
go_cors_project/go_cors
< 1.3.0
gofiber/fiber
2.0.0 - 2.43.0Go
rs/cors
0 - 1.5.0Go
Published
Jan 28, 2019
Tracked Since
Feb 18, 2026