This repository has been archived by the owner on Sep 15, 2022. It is now read-only.
Update github.com/rs/cors to at least v1.5.0 #160
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The /rs/cors package has this reported CVE CVE-2018-20744 when the CORS policy is set to
*. Since the CORS policy is configurable with a flag it is possible a user could configure it to "*" resulting in insecure behaviour.The text was updated successfully, but these errors were encountered: