CVE Vulnerabilities

CVE-2019-25211

Origin Validation Error

Published: Jun 29, 2024 | Modified: Mar 14, 2025
CVSS 3.x: N/A (Source: NVD)
CVSS 2.x:
RedHat/V2:
RedHat/V3: 6.5 MODERATE, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Ubuntu: MEDIUM

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.

Weakness

The product does not properly verify that the source of data or communication is valid.

Affected Software

| Name | Vendor | Start Version | End Version |
| --- | --- | --- | --- |
| Red Hat Migration Toolkit for Containers 1.8 | RedHat | rhmtc/openshift-migration-controller-rhel8:v1.8.4-22 | * |
| Golang-github-gin-contrib-cors | Ubuntu | mantic | * |
