Gorillatoolkit

gorillatoolkit

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-20146 1Gorillatoolkit 1Handlers Apr 11, 2025 Dec 27, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
CVE-2020-27813 2Debian Gorillatoolkit 2Debian Linux Websocket Nov 21, 2024 Dec 2, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket c...Show more An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2017-20146

1Gorillatoolkit

1Handlers

Apr 11, 2025

Dec 27, 2022

N/A· v4

9.8 CRITICAL· v3

N/A· v2

Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.

CVE-2020-27813

2Debian

Gorillatoolkit

2Debian Linux

Websocket

Nov 21, 2024

Dec 2, 2020

N/A· v4

7.5 HIGH· v3

5.0 MEDIUM· v2

An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket c...Show more