CWE-942
AllowedPermissive Cross-domain Security Policy with Untrusted Domains
Abstraction: Variant · Status: Incomplete
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
177 vulnerabilities reference this CWE, most recent first.
CVE-2020-36851 (GCVE-0-2020-36851)
Vulnerability from cvelistv5 – Published: 2025-09-25 14:45 – Updated: 2026-06-23 16:13| URL | Tags |
|---|---|
| https://github.com/Rob--W/cors-anywhere/issues/152 | issue-tracking |
| https://github.com/Rob--W/cors-anywhere/issues/78 | issue-tracking |
| https://www.certik.com/resources/blog/cors-anywhe… | technical-description |
| https://www.vulncheck.com/advisories/rob-w-cors-a… | third-party-advisory |
| https://github.com/SocketDev/security-research/se… | vendor-advisory |
| https://github.com/Rob--W/cors-anywhere/issues/521 | issue-tracking |
| Vendor | Product | Version | |
|---|---|---|---|
| Rob--W / cors-anywhere | Rob--W / cors-anywhere |
Affected:
0 , ≤ 0.4.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T15:44:47.320455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T15:48:32.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Proxy forwarding / request forwarding component"
],
"packageName": "cors-anywhere",
"packageURL": "pkg:github/Rob--W/cors-anywhere",
"product": "Rob--W / cors-anywhere",
"repo": "https://github.com/Rob--W/cors-anywhere",
"vendor": "Rob--W / cors-anywhere",
"versions": [
{
"lessThanOrEqual": "0.4.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CertiK\u0027s Pentesting Team"
},
{
"lang": "en",
"type": "reporter",
"value": "Jonathan Leitschuh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services, retrieve instance role credentials or other sensitive metadata, and interact with internal APIs and services that are not intended to be internet-facing. The vulnerability is exploitable by sending crafted requests to the proxy with the target resource encoded in the URL; many cors-anywhere deployments forward arbitrary methods and headers (including PUT), which can permit exploitation of IMDSv2 workflows as well as access to internal management APIs. Successful exploitation can result in theft of cloud credentials, unauthorized access to internal services, remote code execution or privilege escalation (depending on reachable backends), data exfiltration, and full compromise of cloud resources. Mitigation includes: restricting the proxy to trusted origins or authentication, whitelisting allowed target hosts, preventing access to link-local and internal IP ranges, removing support for unsafe HTTP methods/headers, enabling cloud provider mitigations, and deploying network-level protections.\u003c/p\u003e"
}
],
"value": "Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services, retrieve instance role credentials or other sensitive metadata, and interact with internal APIs and services that are not intended to be internet-facing. The vulnerability is exploitable by sending crafted requests to the proxy with the target resource encoded in the URL; many cors-anywhere deployments forward arbitrary methods and headers (including PUT), which can permit exploitation of IMDSv2 workflows as well as access to internal management APIs. Successful exploitation can result in theft of cloud credentials, unauthorized access to internal services, remote code execution or privilege escalation (depending on reachable backends), data exfiltration, and full compromise of cloud resources. Mitigation includes: restricting the proxy to trusted origins or authentication, whitelisting allowed target hosts, preventing access to link-local and internal IP ranges, removing support for unsafe HTTP methods/headers, enabling cloud provider mitigations, and deploying network-level protections."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T16:13:02.486Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Rob--W/cors-anywhere/issues/152"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Rob--W/cors-anywhere/issues/78"
},
{
"tags": [
"technical-description"
],
"url": "https://www.certik.com/resources/blog/cors-anywhere-dangers-of-misconfigured-third-party-software"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/rob-w-cors-anywhere-misconfigured-cors-proxy-allows-ssrf"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/SocketDev/security-research/security/advisories/GHSA-9wmg-93pw-fc3g"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Rob--W/cors-anywhere/issues/521"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rob--W cors-anywhere Misconfigured CORS Proxy Allows SSRF",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mitigation includes: restricting the proxy to trusted origins or authentication, whitelisting allowed target hosts, preventing access to link-local and internal IP ranges, removing support for unsafe HTTP methods/headers, enabling cloud provider mitigations, and deploying network-level protections.\u003cbr\u003e"
}
],
"value": "Mitigation includes: restricting the proxy to trusted origins or authentication, whitelisting allowed target hosts, preventing access to link-local and internal IP ranges, removing support for unsafe HTTP methods/headers, enabling cloud provider mitigations, and deploying network-level protections."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36851",
"datePublished": "2025-09-25T14:45:38.599Z",
"dateReserved": "2025-09-25T13:38:54.393Z",
"dateUpdated": "2026-06-23T16:13:02.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-14860 (GCVE-0-2019-14860)
Vulnerability from cvelistv5 – Published: 2019-11-08 14:45 – Updated: 2024-08-05 00:26| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2019:3892 | vendor-advisoryx_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14860"
},
{
"name": "RHSA-2019:3892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "syndesis",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T23:07:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14860"
},
{
"name": "RHSA-2019:3892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14860",
"datePublished": "2019-11-08T14:45:52.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:26:39.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-22CJ-GF6G-GPGC
Vulnerability from github – Published: 2025-08-18 15:30 – Updated: 2025-08-18 15:30IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.
{
"affected": [],
"aliases": [
"CVE-2025-27909"
],
"database_specific": {
"cwe_ids": [
"CWE-697",
"CWE-942"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-18T14:15:28Z",
"severity": "MODERATE"
},
"details": "IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.",
"id": "GHSA-22cj-gf6g-gpgc",
"modified": "2025-08-18T15:30:32Z",
"published": "2025-08-18T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27909"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7242354"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-254G-WCPQ-W26F
Vulnerability from github – Published: 2026-03-26 15:30 – Updated: 2026-03-26 15:30HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of sensitive user information to attackers, unauthorized access to APIs, and possible data manipulation or leakage. If an attacker to exploit CORS misconfiguration, they could steal sensitive data, perform actions on behalf of a legitimate user.
{
"affected": [],
"aliases": [
"CVE-2025-55274"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-26T13:16:27Z",
"severity": "LOW"
},
"details": "HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of sensitive user information to attackers, unauthorized access to APIs, and possible data manipulation or leakage. If an attacker to exploit CORS misconfiguration, they could steal sensitive data, perform actions on behalf of a legitimate user.",
"id": "GHSA-254g-wcpq-w26f",
"modified": "2026-03-26T15:30:39Z",
"published": "2026-03-26T15:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55274"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0129793"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-26RC-MJ52-PCF5
Vulnerability from github – Published: 2024-08-28 12:30 – Updated: 2024-09-12 15:32HyperView Geoportal Toolkit in versions though 8.2.4 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by the attacker and execute them in the user space. By manipulating this parameter it is also possible to enumerate some of the devices in Local Area Network in which the server resides.
{
"affected": [],
"aliases": [
"CVE-2024-6449"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-28T12:15:06Z",
"severity": "MODERATE"
},
"details": "HyperView\u00a0Geoportal Toolkit in versions though\u00a08.2.4 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters.\nAn unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by the attacker and execute them in the user space.\nBy manipulating this parameter it is also possible to enumerate some of the devices in Local Area Network in which the server resides.",
"id": "GHSA-26rc-mj52-pcf5",
"modified": "2024-09-12T15:32:59Z",
"published": "2024-08-28T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6449"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2024/08/CVE-2024-6449"
},
{
"type": "WEB",
"url": "https://cert.pl/posts/2024/08/CVE-2024-6449"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-2FW7-6F7R-FX94
Vulnerability from github – Published: 2026-01-28 21:31 – Updated: 2026-01-29 21:30Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.
{
"affected": [],
"aliases": [
"CVE-2025-13984"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-28T20:16:07Z",
"severity": "MODERATE"
},
"details": "Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.",
"id": "GHSA-2fw7-6f7r-fx94",
"modified": "2026-01-29T21:30:30Z",
"published": "2026-01-28T21:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13984"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-contrib-2025-122"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2P2X-HPG8-CQP2
Vulnerability from github – Published: 2026-02-09 17:18 – Updated: 2026-02-09 22:38Summary
CORS origin validation can be bypassed because the allowed-origins allowlist is compiled into a regex without escaping metacharacters (notably .). An allowed origin like https://good.example can match https://goodXexample, resulting in Access-Control-Allow-Origin being set for an untrusted origin
Details
CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch() for validation. Because metacharacters are not escaped, a malicious origin can match unexpectedly. The check relies on allowed_origins_regex.fullmatch(origin).
PoC
Server (poc_cors_server.py)
from litestar import Litestar, get
from litestar.config.cors import CORSConfig
@get("/c")
async def c() -> str:
return "ok"
cors = CORSConfig(
allow_origins=["https://good.example"],
allow_credentials=True,
)
app = Litestar([c], cors_config=cors)
uvicorn poc_cors_server:app --host 127.0.0.1 --port 8002
Client (poc_cors_client.py)
import http.client
def req(origin: str) -> tuple[int, str | None]:
c = http.client.HTTPConnection("127.0.0.1", 8002, timeout=3)
c.request("GET", "/c", headers={"Origin": origin, "Host": "example.com"})
r = c.getresponse()
r.read()
acao = r.getheader("Access-Control-Allow-Origin")
c.close()
return r.status, acao
print("evil:", req("https://evil.example"))
print("bypass:", req("https://goodXexample"))
Expected (vulnerable behavior):
Origin: https://evil.example → no ACAO Origin: https://goodXexample → ACAO: https://goodxexample/ (bypass)
Impact
Type: CORS policy bypass (cross-origin data exposure risk) Who is impacted: apps using CORS allowlists to restrict browser cross-origin reads. If allow_credentials=True and authenticated endpoints return sensitive data, an attacker-controlled site can potentially read responses in a victim’s browser session.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "litestar"
},
"ranges": [
{
"events": [
{
"introduced": "2.19.0"
},
{
"fixed": "2.20.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.19.0"
]
}
],
"aliases": [
"CVE-2026-25478"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-09T17:18:52Z",
"nvd_published_at": "2026-02-09T20:15:57Z",
"severity": "HIGH"
},
"details": "### Summary\nCORS origin validation can be bypassed because the allowed-origins allowlist is compiled into a regex without escaping metacharacters (notably .). An allowed origin like https://good.example can match https://goodXexample, resulting in Access-Control-Allow-Origin being set for an untrusted origin\n\n### Details\nCORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch() for validation. Because metacharacters are not escaped, a malicious origin can match unexpectedly. The check relies on allowed_origins_regex.fullmatch(origin).\n\n### PoC\nServer (poc_cors_server.py)\n\n```\nfrom litestar import Litestar, get\nfrom litestar.config.cors import CORSConfig\n\n@get(\"/c\")\nasync def c() -\u003e str:\n return \"ok\"\n\ncors = CORSConfig(\n allow_origins=[\"https://good.example\"],\n allow_credentials=True,\n)\napp = Litestar([c], cors_config=cors)\n```\n\n`uvicorn poc_cors_server:app --host 127.0.0.1 --port 8002`\n\nClient (poc_cors_client.py)\n\n```\nimport http.client\n\ndef req(origin: str) -\u003e tuple[int, str | None]:\n c = http.client.HTTPConnection(\"127.0.0.1\", 8002, timeout=3)\n c.request(\"GET\", \"/c\", headers={\"Origin\": origin, \"Host\": \"example.com\"})\n r = c.getresponse()\n r.read()\n acao = r.getheader(\"Access-Control-Allow-Origin\")\n c.close()\n return r.status, acao\n\nprint(\"evil:\", req(\"https://evil.example\"))\nprint(\"bypass:\", req(\"https://goodXexample\")) \n```\n\nExpected (vulnerable behavior):\n\nOrigin: https://evil.example \u2192 no ACAO\nOrigin: https://goodXexample \u2192 ACAO: https://goodxexample/ (bypass)\n\n### Impact\nType: CORS policy bypass (cross-origin data exposure risk)\nWho is impacted: apps using CORS allowlists to restrict browser cross-origin reads. If allow_credentials=True and authenticated endpoints return sensitive data, an attacker-controlled site can potentially read responses in a victim\u2019s browser session.",
"id": "GHSA-2p2x-hpg8-cqp2",
"modified": "2026-02-09T22:38:05Z",
"published": "2026-02-09T17:18:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/litestar-org/litestar/security/advisories/GHSA-2p2x-hpg8-cqp2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25478"
},
{
"type": "WEB",
"url": "https://github.com/litestar-org/litestar/commit/eb87703b309efcc0d1b087dcb12784e76b003d5a"
},
{
"type": "WEB",
"url": "https://docs.litestar.dev/2/release-notes/changelog.html#2.20.0"
},
{
"type": "PACKAGE",
"url": "https://github.com/litestar-org/litestar"
},
{
"type": "WEB",
"url": "https://github.com/litestar-org/litestar/releases/tag/v2.20.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Litestar\u0027s CORS origin allowlist has a bypass due to unescaped regex metacharacters in allowed origins"
}
GHSA-2R2P-4CGF-HV7H
Vulnerability from github – Published: 2026-04-22 14:52 – Updated: 2026-04-22 14:52Summary
The local HTTP server started by engram server (binding 127.0.0.1:7337 by default) was exposed to any browser origin with no authentication unless ENGRAM_API_TOKEN was explicitly set. Combined with Access-Control-Allow-Origin: * on every response and a body parser that did not require Content-Type: application/json, this allowed a malicious web page the developer visited to:
- Exfiltrate the local knowledge graph via
GET /queryandGET /stats(function names, file layout, recorded decisions/mistakes). - Inject persistent prompt-injection payloads via
POST /learn, which wrotemistake/decisionnodes that were later surfaced as system-reminders to the user's AI coding agent on every future session and file edit.
Severity: High — confidentiality + persistent indirect prompt injection against the user's coding agent.
Affected versions
engramx >= 1.0.0, < 2.0.2 — any version that shipped the HTTP server.
Patched in
engramx@2.0.2
Workarounds (if you cannot upgrade)
- Do not run
engram serverorengram ui. - If developers must, set
ENGRAM_API_TOKENto a long random value and terminate the server before browsing the web.
Remediation (applied in 2.0.2)
- Fail-closed auth on every non-public route — Bearer header or HttpOnly cookie, constant-time comparison, 256-bit auto-generated token at
~/.engram/http-server.token(0600). - Wildcard CORS removed entirely; default is no CORS headers. Opt-in allowlist via
ENGRAM_ALLOWED_ORIGINS. - Host + Origin validation — rejects DNS rebinding and Host spoofing.
Content-Type: application/jsonenforced on mutations — blocks the text/plain CSRF vector./ui?token=bootstrap withSec-Fetch-Sitegate — prevents cross-origin oracle probing.
Credit
Discovered and responsibly disclosed by @gabiudrescu in engram issue #7.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "engramx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-306",
"CWE-352",
"CWE-942"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T14:52:03Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nThe local HTTP server started by `engram server` (binding `127.0.0.1:7337` by default) was exposed to any browser origin with no authentication unless `ENGRAM_API_TOKEN` was explicitly set. Combined with `Access-Control-Allow-Origin: *` on every response and a body parser that did not require `Content-Type: application/json`, this allowed a malicious web page the developer visited to:\n\n1. **Exfiltrate** the local knowledge graph via `GET /query` and `GET /stats` (function names, file layout, recorded decisions/mistakes).\n2. **Inject persistent prompt-injection payloads** via `POST /learn`, which wrote `mistake`/`decision` nodes that were later surfaced as system-reminders to the user\u0027s AI coding agent on every future session and file edit.\n\nSeverity: **High** \u2014 confidentiality + persistent indirect prompt injection against the user\u0027s coding agent.\n\n### Affected versions\n\n`engramx` \u003e= 1.0.0, \u003c 2.0.2 \u2014 any version that shipped the HTTP server.\n\n### Patched in\n\n`engramx@2.0.2`\n\n### Workarounds (if you cannot upgrade)\n\n- Do **not** run `engram server` or `engram ui`.\n- If developers must, set `ENGRAM_API_TOKEN` to a long random value and terminate the server before browsing the web.\n\n### Remediation (applied in 2.0.2)\n\n1. Fail-closed auth on every non-public route \u2014 Bearer header or HttpOnly cookie, constant-time comparison, 256-bit auto-generated token at `~/.engram/http-server.token` (0600).\n2. Wildcard CORS removed entirely; default is no CORS headers. Opt-in allowlist via `ENGRAM_ALLOWED_ORIGINS`.\n3. Host + Origin validation \u2014 rejects DNS rebinding and Host spoofing.\n4. `Content-Type: application/json` enforced on mutations \u2014 blocks the text/plain CSRF vector.\n5. `/ui?token=` bootstrap with `Sec-Fetch-Site` gate \u2014 prevents cross-origin oracle probing.\n\n### Credit\n\nDiscovered and responsibly disclosed by @gabiudrescu in engram issue #7.",
"id": "GHSA-2r2p-4cgf-hv7h",
"modified": "2026-04-22T14:52:03Z",
"published": "2026-04-22T14:52:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/NickCirv/engram/security/advisories/GHSA-2r2p-4cgf-hv7h"
},
{
"type": "WEB",
"url": "https://github.com/NickCirv/engram/issues/7"
},
{
"type": "PACKAGE",
"url": "https://github.com/NickCirv/engram"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection"
}
GHSA-2RCM-9PW5-QH2H
Vulnerability from github – Published: 2024-05-03 03:30 – Updated: 2024-05-03 03:30Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-20539.
{
"affected": [],
"aliases": [
"CVE-2023-38122"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T02:15:56Z",
"severity": "HIGH"
},
"details": "Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-20539.",
"id": "GHSA-2rcm-9pw5-qh2h",
"modified": "2024-05-03T03:30:55Z",
"published": "2024-05-03T03:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38122"
},
{
"type": "WEB",
"url": "https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1013"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2WW8-F9RJ-2XG5
Vulnerability from github – Published: 2023-02-01 15:30 – Updated: 2023-02-08 21:30Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS).
{
"affected": [],
"aliases": [
"CVE-2023-23128"
],
"database_specific": {
"cwe_ids": [
"CWE-942"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-01T14:15:00Z",
"severity": "MODERATE"
},
"details": "Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS).",
"id": "GHSA-2ww8-f9rj-2xg5",
"modified": "2023-02-08T21:30:19Z",
"published": "2023-02-01T15:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23128"
},
{
"type": "WEB",
"url": "https://github.com/l00neyhacker/CVE-2023-23128"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Attack Surface Reduction
Define a restrictive Content Security Policy [REF-1486] or cross-domain policy file.
Mitigation
Strategy: Attack Surface Reduction
Avoid using wildcards in the CSP / cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server.
Mitigation
Strategy: Environment Hardening
For Flash, modify crossdomain.xml to use meta-policy options such as 'master-only' or 'none' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.
No CAPEC attack patterns related to this CWE.