This PR contains the following updates:
github.com/rs/cors: v1.10.1 -> v1.11.0
### GitHub Vulnerability Alerts
#### GHSA-mh55-gqvf-xfwm
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.
### Denial of service via malicious preflight requests in github.com/rs/cors
GHSA-mh55-gqvf-xfwm / GO-2024-2883
More information
#### Details
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.
#### Severity
Unknown
#### References
- [https://github.com/rs/cors/pull/171](https://togithub.com/rs/cors/pull/171)
- [https://github.com/rs/cors/issues/170](https://togithub.com/rs/cors/issues/170)

This data is provided by [OSV](https://osv.dev/vulnerability/GO-2024-2883) and the [Go Vulnerability Database](https://togithub.com/golang/vulndb) ([CC-BY 4.0](https://togithub.com/golang/vulndb#license)).
### Denial of service via malicious preflight requests in github.com/rs/cors
GHSA-mh55-gqvf-xfwm / GO-2024-2883
More information
#### Details
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.
#### Severity
Moderate
#### References
- [https://github.com/rs/cors/issues/170](https://togithub.com/rs/cors/issues/170)
- [https://github.com/rs/cors/pull/171](https://togithub.com/rs/cors/pull/171)
- [https://github.com/rs/cors/commit/4c32059b2756926619f6bf70281b91be7b5dddb2](https://togithub.com/rs/cors/commit/4c32059b2756926619f6bf70281b91be7b5dddb2)
- [https://github.com/rs/cors](https://togithub.com/rs/cors)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-mh55-gqvf-xfwm) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).
### Release Notes
rs/cors (github.com/rs/cors)
### [`v1.11.0`](https://togithub.com/rs/cors/compare/v1.10.1...v1.11.0)
[Compare Source](https://togithub.com/rs/cors/compare/v1.10.1...v1.11.0)
### Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.