VYPR

Go modules package

github.com/zeromicro/go-zero

pkg:golang/github.com/zeromicro/go-zero

Vulnerabilities (1)

  • CVE-2024-27302Mar 6, 2024
    affected < 1.4.4fixed 1.4.4

    go-zero is a web and rpc framework. Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the `isOriginAllowed` uses `strings.HasSuffix` to check the origin, which leads to bypass via a malici