CVE-2021-39185

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-39185
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39185.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-39185
Aliases
Related
Published
2021-09-01T20:15:07Z
Modified
2025-02-14T11:31:29.813916Z
Summary
[none]
Details

Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null Origin Attack. The problem is fixed in 0.21.27, 0.22.3, 0.23.2, and 1.0.0-M25. The original CORS implementation and CORSConfig are deprecated. See the GitHub GHSA for more information, including code examples and workarounds.

References

Affected packages

Git / github.com/http4s/http4s

Affected ranges

Type
GIT
Repo
https://github.com/http4s/http4s
Events
Last affected
06db471f053023ce3ffd7c568ce46d33551d1d69
Last affected
20d0457c207a6e139b47b601fe4aca00c7ec05cf
Last affected
45c90d58c98e4153e6ed6a355199a394f026d092
Last affected
490f74b689ce543a133c7e033b60cbb94cb9d539
Last affected
493d5091a891958e24c954c365ac91498106b229
Last affected
5e7be4846286f43a19c801ff9e77a376a35a5378
Last affected
6227ad21e0ddc372e433d279a7cdde387b0b0e3e
Last affected
6264fa05386925afd82942976f5606b1d8181099
Last affected
6676c1e24a4e32e0c6c1a36911f4e6606c10e12b
Last affected
6b0d5130177eb7af03c3979b5cf99af70f452fc7
Last affected
756ce63aee681c5b632bbeafe0b8fde2f3d237f4
Last affected
83e7ceb76f0a46ba27efd6c1a3b90bd1b2b8fca6
Last affected
8f52735b5362395c86acb3d33c51b9dc3551aa4f
Last affected
94e23b89b520efb022842fbd404484c674222d2a
Last affected
96c1fbefc08b58922bab72f4c0503cf393cdb13d
Last affected
96f5a9f1c77bf3180d1144d4c040ef3b84af6a99
Last affected
a6edc034138f758697a93aa4985e3621e12a2314
Last affected
a8189fc3c885dead089f857728b8d2b20361af6d
Last affected
b4beb2ac80a19ec31a843d7c80c1eff89b682a46
Last affected
bef11333d4e7f85b0387c979f1b30fe91331f313
Last affected
c0165bc83e7f802b7fe9e50aba8bd1fd589d3e2e
Last affected
c18c9b3dbb60be3f52d2ed3d74804158bee3b9f5
Last affected
cb6639a21181c460af8fd55a8c6326cb37da791f
Introduced
3e98ea4a63e741c7f9d5e917d48d2ee8fab54476
Last affected
cf77cfeb2d0bd09337da0b64a636e29bbfb77d27
Last affected
cfc696d96e8f1419449bc5cf53f8d394f76cf1b2
Last affected
d68768bb0936ff8fd1b95bb2d2f006d4d92b627b
Last affected
d980b0b88a42026f942c048c6097f92f78ad52f2
Last affected
da5224d0754579c7d8a845f13dbbcb4754aa396d

Affected versions

v0.*

v0.22.0
v0.22.1
v0.23.0
v0.23.0-M1
v0.23.0-RC1

v1.*

v1.0.0-M11
v1.0.0-M12
v1.0.0-M13
v1.0.0-M14
v1.0.0-M15
v1.0.0-M16
v1.0.0-M17
v1.0.0-M18
v1.0.0-M19
v1.0.0-M20
v1.0.0-M21
v1.0.0-M22
v1.0.0-M23