Package: golang-github-gin-contrib-cors
X-Debbugs-CC: t...@security.debian.org
Severity: important upstream
Tags: security
Forwarded: https://github.com/gin-contrib/cors/pull/106

Hi,

The following vulnerability was published for golang-github-gin-contrib-cors.

CVE-2019-25211[0]:
| parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0
| mishandles a wildcard at the end of an origin string, e.g.,
| https://example.community/* is allowed when the intention is that
| only https://example.com/* should be allowed, and
| http://localhost.example.com/* is allowed when the intention is that
| only http://localhost/* should be allowed.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-25211
    https://www.cve.org/CVERecord?id=CVE-2019-25211


Please adjust the affected versions in the BTS as needed.

Best wishes
Matthias
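
The matching behaviour described in the CVE text above, as an added Go example that is not part of the original report and is not the gin-contrib/cors code. `looseMatch` and `strictMatch` are hypothetical names, the off-by-one in `looseMatch` is an assumption about how a wildcard prefix can end up too short, and the sample strings are constructed from the CVE's two examples.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// looseMatch models the behaviour in the CVE text. Assumption: the prefix
// loses the character just before the trailing "*" (a hypothetical off-by-one).
func looseMatch(rule, candidate string) bool {
	i := strings.LastIndex(rule, "*")
	if i < 1 || i != len(rule)-1 {
		return false
	}
	return strings.HasPrefix(candidate, rule[:i-1]) // the "/" is dropped here
}

// strictMatch keeps the full prefix and refuses rules whose trailing "*"
// does not follow "/", so the host name in the rule is always terminated.
func strictMatch(rule, candidate string) (bool, error) {
	if strings.Count(rule, "*") != 1 || !strings.HasSuffix(rule, "/*") {
		return false, errors.New("rule must end in /* and hold one wildcard")
	}
	return strings.HasPrefix(candidate, strings.TrimSuffix(rule, "*")), nil
}

func main() {
	// Constructed cases built from the two examples in the CVE description.
	cases := []struct{ rule, candidate string }{
		{"https://example.com/*", "https://example.com/page"},
		{"https://example.com/*", "https://example.community/page"},
		{"http://localhost/*", "http://localhost.example.com/page"},
	}
	for _, c := range cases {
		ok, _ := strictMatch(c.rule, c.candidate)
		fmt.Printf("%-22s %-36s loose=%-5v strict=%v\n",
			c.rule, c.candidate, looseMatch(c.rule, c.candidate), ok)
	}
	// A rule with no delimiter before the wildcard is rejected outright.
	_, err := strictMatch("https://example.com*", "https://example.community/")
	fmt.Println("unterminated rule:", err)
}
```

The same three cases make a regression test for a packaged fix: the first must match, the other two must not.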
