logo

Database

Improper authorization control for web services In github.com/play-with-docker/play-with-docker

Description

Authorization Bypass Through User-Controlled Key play-with-docker Impact Give that CORS configuration was not correct, an attacker could use play-with-docker.com as an example, set origin header in http request as evil-play-with-docker.com, it will be echo in response header, which successfully bypass the CORS policy and retrieves basic user information.

Patches It has been fixed in lastest version, Please upgrade to latest version

Workarounds No, users have to upgrade version.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2023-281092. NVD-2023-281093. OSV-2023-281094. GHSA-vq59-5x26-h6395. GCVE-2023-28109

References

1. https://github.com/play-with-docker/play-with-docker/security/advisories/GHSA-vq59-5x26-h6392. https://github.com/play-with-docker/play-with-docker/commit/ed82247c9ab7990ad76ec2bf1498c2b2830b6f1a

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.