Origin Validation Error

CVE-2017-20146

High

9.8/10

Summary

In github.com/gorilla/handlers, usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy. Versions prior to 1.3.0 are affected by this vulnerability.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-346 - Origin Validation Error

The software does not properly verify that the source of data or communication is valid.

References

Advisory
Pull request
Release Note
Advisory

Advisory Timeline

Published Dec 27, 2022

Origin Validation Error

CVE-2017-20146

Summary

CWE-346 - Origin Validation Error

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS