nccgroup/sobelow

Support detecting for Wildcard check_origin Vulnerability

Open

#117 opened on Jan 10, 2023

View on GitHub
 (0 comments) (0 reactions) (0 assignees)Elixir (119 forks)batch import
featuregood first issue

Repository metrics

Stars
 (1,780 stars)
PR merge metrics
 (No merged PRs in 30d)

Description

We should create a new detection for the vulnerability that was patched in the Phoenix 1.3.5, 1.4.18, 1.5.14, and 1.6.14 releases - this could be done somewhat similarly to how Vuln.Ecto works with some conditional logic for checking if wildcard origin is present.

https://elixirforum.com/t/phoenix-1-3-1-4-1-5-and-1-6-security-releases-for-wildcard-check-origin-vulnerability/50902

Contributor guide