Vulnerabilities

1 via 1 paths

Dependencies

183

Source

GitHub

Commit

258f9a07

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

high severity

Origin Validation Error

  • Vulnerable module: @koa/cors
  • Introduced through: @koa/cors@3.4.3

Detailed paths

  • Introduced through: swagger2-koa@carlansley/swagger2-koa#258f9a07caea6a8bd00edd25f41f04685325a706 @koa/cors@3.4.3
    Remediation: Upgrade to @koa/cors@5.0.0.

Overview

@koa/cors is a Cross-Origin Resource Sharing(CORS) for koa

Affected versions of this package are vulnerable to Origin Validation Error. An attacker can bypass the Same Origin Policy (SOP) by sending a request from an untrusted origin. This is only exploitable if the middleware is used in a production environment without proper origin restrictions.

Remediation

Upgrade @koa/cors to version 5.0.0 or higher.

References