GHSA-vq59-5x26-h639

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-vq59-5x26-h639/GHSA-vq59-5x26-h639.json

Aliases

CVE-2023-28109

Published

2023-03-17T14:43:12Z

Modified

2023-03-17T14:43:12Z

Details

Impact Give that CORS configuration was not correct, an attacker could use play-with-docker.com as an example, set origin header in http request as evil-play-with-docker.com, it will be echo in response header, which successfully bypass the CORS policy and retrieves basic user information.

Patches It has been fixed in lastest version, Please upgrade to latest version

Workarounds No, users have to upgrade version.

References

https://github.com/play-with-docker/play-with-docker/security/advisories/GHSA-vq59-5x26-h639
https://nvd.nist.gov/vuln/detail/CVE-2023-28109
https://github.com/play-with-docker/play-with-docker/commit/ed82247c9ab7990ad76ec2bf1498c2b2830b6f1a
https://github.com/play-with-docker/play-with-docker

Affected packages

Go / github.com/play-with-docker/play-with-docker

github.com/play-with-docker/play-with-docker

Affected ranges

Type: SEMVER
Events: Introduced

0

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 0.0.2"
}