CVE-2021-39185

Published: Sep 1, 2021Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: security-advisories@github.com (Secondary)

Description

Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null Origin Attack. The problem is fixed in 0.21.27, 0.22.3, 0.23.2, and 1.0.0-M25. The original `CORS` implementation and `CORSConfig` are deprecated. See the GitHub GHSA for more information, including code examples and workarounds.

Affected (28)

Products: Typelevel: Http4s

Typelevel

1 product

Http4s

Configuration A

28 vulnerable

Vulnerable Software	Affected Versions
Typelevel Http4s	Up to 0.21.26
Typelevel Http4s	From 0.22.0 to 0.22.2
Typelevel Http4s	Version 0.23.0
Typelevel Http4s	Version 0.23.1
Typelevel Http4s	Version 1.0.0 milestone10
Typelevel Http4s	Version 1.0.0 milestone11
Typelevel Http4s	Version 1.0.0 milestone12
Typelevel Http4s	Version 1.0.0 milestone13
Typelevel Http4s	Version 1.0.0 milestone14
Typelevel Http4s	Version 1.0.0 milestone15
Typelevel Http4s	Version 1.0.0 milestone16
Typelevel Http4s	Version 1.0.0 milestone17
Typelevel Http4s	Version 1.0.0 milestone18
Typelevel Http4s	Version 1.0.0 milestone19
Typelevel Http4s	Version 1.0.0 milestone1
Typelevel Http4s	Version 1.0.0 milestone20
Typelevel Http4s	Version 1.0.0 milestone21
Typelevel Http4s	Version 1.0.0 milestone22
Typelevel Http4s	Version 1.0.0 milestone23
Typelevel Http4s	Version 1.0.0 milestone24
Typelevel Http4s	Version 1.0.0 milestone2
Typelevel Http4s	Version 1.0.0 milestone3
Typelevel Http4s	Version 1.0.0 milestone4
Typelevel Http4s	Version 1.0.0 milestone5
Typelevel Http4s	Version 1.0.0 milestone6
Typelevel Http4s	Version 1.0.0 milestone7
Typelevel Http4s	Version 1.0.0 milestone8
Typelevel Http4s	Version 1.0.0 milestone9