VYPR
Vendor

Gorilla

Products
4
CVEs
3
Across products
3
Status
Private

Products

4

Recent CVEs

3
  • CVE-2017-20146CriDec 27, 2022
    risk 0.57cvss 9.8epss 0.01

    Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.

  • CVE-2024-37298HigJul 1, 2024
    risk 0.42cvss 7.5epss 0.01

    gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice…

  • CVE-2025-24358MedApr 15, 2025
    risk 0.28cvss epss 0.00

    gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests…