Go modules package
github.com/rs/cors
pkg:golang/github.com/rs/cors
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47908 | Hig | 7.5 | >= 1.9.0, < 1.11.0 | 1.11.0 | Aug 6, 2025 | Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/s | |
| CVE-2018-20744 | — | < 1.5.0 | 1.5.0 | Jan 28, 2019 | The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. |
- affected >= 1.9.0, < 1.11.0fixed 1.11.0
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/s
- CVE-2018-20744Jan 28, 2019affected < 1.5.0fixed 1.5.0
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.