Input validation error in CORS - CVE-2019-25211

 

Input validation error in CORS - CVE-2019-25211

Published: October 2, 2024


Vulnerability identifier: #VU97957
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-25211
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Gin-Gonic
Affected software:
CORS

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect handling of the wildcard character in the URL within parseWildcardRules, which can lead to security restrictions bypass.


How to mitigate CVE-2019-25211

Install updates from vendor's website.

Sources