SB2024100236 - Security restrictions bypass in Gin-Gonic CORS
Published: October 2, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Input validation error (CVE-ID: CVE-2019-25211)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect handling of the wildcard character in the URL within parseWildcardRules, which can lead to security restrictions bypass.
Remediation
Install update from vendor's website.