GHSA-vq59-5x26-h639

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-vq59-5x26-h639/GHSA-vq59-5x26-h639.json
Aliases
  • CVE-2023-28109
Published
2023-03-17T14:43:12Z
Modified
2023-03-17T14:43:12Z
Details

Impact Give that CORS configuration was not correct, an attacker could use play-with-docker.com as an example, set origin header in http request as evil-play-with-docker.com, it will be echo in response header, which successfully bypass the CORS policy and retrieves basic user information.

Patches It has been fixed in lastest version, Please upgrade to latest version

Workarounds No, users have to upgrade version.

References

Affected packages

Go / github.com/play-with-docker/play-with-docker

github.com/play-with-docker/play-with-docker

Affected ranges

Type
SEMVER
Events
Introduced
0

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 0.0.2"
}