deptofdefense / dds.mil

The website of the Defense Digital Service.
https://dds.mil
MIT License

Patched 🐛 Insecure defaults due to CORS misconfiguration #452

Open imhunterand opened 1 year ago

imhunterand commented 1 year ago

The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.

CVE-2020-28481 | Severity: Moderate | GHSA-fxwf-4rqh-v8g3
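An added example (not from the issue or from the dds.mil repository): once socket.io is upgraded to 2.4.0 or later, an explicit origin allow-list can replace the permissive default described above. It uses the `(origin, callback)` shape that socket.io 2.x accepts through `io.origins(fn)`; the allowed origin `https://dds.mil` and all helper names are assumptions.

```javascript
// Added example: explicit origin allow-list for a socket.io 2.x server.
// Helper names are hypothetical; sample header values are constructed.

// Assumption: the only browser origin that should reach the server.
const ALLOWED_ORIGINS = ['https://dds.mil'];

// Normalise a header value to scheme://host[:port], or null if unusable.
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value === '' || value === '*' || value === 'null') {
    return null; // missing, wildcard and opaque origins are never trusted
  }
  try {
    const url = new URL(value);
    if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
    return url.origin; // lower-cases host, drops default port and any path
  } catch (err) {
    return null; // not a parseable absolute URL
  }
}

// Build a checker; matching is exact on the normalised origin, never a
// substring or suffix test, so look-alike hosts do not pass.
function makeOriginCheck(allowed) {
  const allowSet = new Set(allowed.map(normalizeOrigin).filter(Boolean));
  return function checkOrigin(origin, callback) {
    const normalized = normalizeOrigin(origin);
    if (normalized !== null && allowSet.has(normalized)) {
      return callback(null, true);
    }
    return callback('origin not allowed', false);
  };
}

// Synchronous wrapper, handy for logging and tests.
function isAllowed(check, origin) {
  let result = false;
  check(origin, (err, ok) => { result = err === null && ok === true; });
  return result;
}

const checkOrigin = makeOriginCheck(ALLOWED_ORIGINS);

for (const sample of ['https://dds.mil', 'https://dds.mil.example.net', '*']) {
  console.log(sample, '->', isAllowed(checkOrigin, sample) ? 'allow' : 'reject');
}

// Wiring on a patched server (needs socket.io installed, so left commented out):
// const io = require('socket.io')(httpServer);
// io.origins(checkOrigin);
```

Rejecting requests without an `Origin` header is a policy choice here; non-browser clients that omit the header would need a separate authenticated path.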