​
DirectorySecurity Advisories
Sign In
Security Advisories

GHSA-mh55-gqvf-xfwm

Published

Last updated

https://github.com/advisories/GHSA-mh55-gqvf-xfwm

Summary

Denial of service via malicious preflight requests in github.com/rs/cors

Description

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.

References

  • https://github.com/rs/cors/issues/170

Affected packages


Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images