Bug 2295302 (CVE-2019-25211)
| Summary: | CVE-2019-25211 github.com/gin-contrib/cors: Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dymurray, ibolton, jmatthew, jmontleo, mkleinhe, pgaikwad, rjohnson, slucidi, sseago |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the gin-gonic CORS middleware. Affected versions of this package are vulnerable to an Origin Validation Error due to the mishandling of wildcard characters at the end of an origin string. This flaw could allow an attacker to bypass intended CORS restrictions by crafting origin strings that exploit this wildcard handling.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2024-07-02 21:00:51 UTC
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.8 Via RHSA-2024:7164 https://access.redhat.com/errata/RHSA-2024:7164 |