Commit graph

1 commit

Author SHA1 Message Date
Yoan Blanc 7b873b7746
vendor: rs/cors v1.7.0
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts
a wildcard CORS policy into reflecting an arbitrary Origin header
value, which is incompatible with the CORS security design, and
could lead to CORS misconfiguration security problems.

CVE-2018-20744

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-08-23 10:36:38 +02:00