DEBIAN-CVE-2019-25211

DEBIAN-CVE-2019-25211 PUBLISHED CVSS 9.1 CRITICAL

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.

Risk Scores

CVSS v3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor      Product                          Versions
Debian:12   golang-github-gin-contrib-cors   1.4.0-1, 0, 0
Debian:11   golang-github-gin-contrib-cors   0, 1.3.1-1, 0
Debian:14   golang-github-gin-contrib-cors   1.4.0-1, 0, 1.4.0-1
Debian:13   golang-github-gin-contrib-cors   0, 1.4.0-1, 1.4.0-1

Timeline

  • Jun 29, 2024 CVE Published
  • Apr 28, 2026 CVE Updated