logo

Database

Asymmetric denial of service In github.com/rs/cors

Description

A flaw was found in github.com/rs/cors. The middleware exhibits excessive heap memory allocation when handling preflight requests containing a lengthy, comma-separated value in the Access-Control-Request-Headers (ACRH) header. This vulnerability allows an attacker to send a specially crafted HTTP request, leading to resource exhaustion and potentially causing an application-level denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-479082. NVD-2025-479083. OSV-2025-479084. GCVE-2025-47908

References

1. https://github.com/rs/cors/issues/1702. https://github.com/rs/cors/pull/1713. https://github.com/rs/cors/commit/4c32059b2756926619f6bf70281b91be7b5dddb24. https://pkg.go.dev/vuln/GO-2024-2883

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.