github.com/rs/cors
Go2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/rs/corspage 1 of 1
- CVE-2018-20744MEDIUMCVSS 5.9✓ Fixed in 1.5.02019-01-28
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration secur…
- CVE-2025-47908HIGHCVSS 7.5EG 7.5✓ Fixed in 1.11.02025-08-06
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers …
Check whether github.com/rs/cors is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/rs/cors CVEs against the assets you own.
Start Free Scan →