GHSA-mh55-gqvf-xfwm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mh55-gqvf-xfwm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-mh55-gqvf-xfwm/GHSA-mh55-gqvf-xfwm.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-mh55-gqvf-xfwm
- Aliases
- Related
- Published
- 2024-07-05T19:42:48Z
- Modified
- 2024-07-15T22:42:22.776284Z
- Summary
- Denial of service via malicious preflight requests in github.com/rs/cors
- Details
-
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-07-05T19:42:48Z" }- References
Affected packages
Go / github.com/rs/cors
Package
- Name
- github.com/rs/cors
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/rs/cors