#VU97957 Input validation error in CORS - CVE-2019-25211
Published: October 2, 2024
Vulnerability identifier: #VU97957
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-25211
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
CORS
CORS
Software vendor:
Gin-Gonic
Gin-Gonic
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect handling of the wildcard character in the URL within parseWildcardRules, which can lead to security restrictions bypass.
Remediation
Install updates from vendor's website.