Python: CORS Bypass #833
Comments
Your submission is now in status Results analysis. For information, the evaluation workflow is the following:
Your submission is now in status Query review. For information, the evaluation workflow is the following:
Your submission is now in status Final decision. For information, the evaluation workflow is the following:
Created HackerOne report 2590110 for bounty 594470: [833] Python: CORS Bypass
Your submission is now in status Closed. For information, the evaluation workflow is the following:
@xcorail Thanks for the quick bounty.
@xcorail This bounty application was closed before the PR was reviewed. I have added a qhelp and the tests now. With this, I would request that the H1 bounty severity be bumped to medium.
Hello @porcupineyhairs, I re-scored the submission with the addition of the doc and tests, and it changed the overall score, but not significantly enough to pass the next level bar. Keep in mind that the documentation quality criterion is only one of the various factors that we score for a submission. Best
Query PR: github/codeql#16814
Language: Python
CVE(s) ID list: GHSA-824x-jcxf-hpfg, CVE-2022-3457
CWE: CWE-346
Report
This PR adds a query to detect a Cross-Origin Resource Sharing (CORS) policy bypass due to an incorrect check.
This PR attempts to detect the vulnerability pattern found in CVE-2022-3457.
In this case, a value obtained from a header is compared using a startswith call. This comparison is easily bypassed, resulting in a CORS bypass. Given that similar bugs have been found in other languages as well, I think this PR would be a great addition to the existing Python query pack. The databases for CVE-2022-3457 can be downloaded from
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link: No response
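The pattern the report describes, shown as an added example in Python (this is not code from the PR, from the query's test suite, or from the project affected by CVE-2022-3457): a prefix comparison on the request-controlled Origin header beside a hardened check that parses the header and compares the canonical origin for exact equality. The allowlist, the probe origins and every function name here are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example; a real service would load its own.
ALLOWED_ORIGINS = {"https://example.com", "https://app.example.com"}


def vulnerable_origin_check(origin: str) -> bool:
    """The pattern the query targets: a prefix test on an attacker-controlled
    Origin header. Anything that merely begins with a trusted origin passes."""
    return any(origin.startswith(allowed) for allowed in ALLOWED_ORIGINS)


def canonical_origin(origin: str):
    """Parse an Origin header value into 'scheme://host[:port]' form, or return
    None when it is not a plain origin (bad scheme, userinfo, path, query...)."""
    try:
        parts = urlsplit(origin)
        port = parts.port          # raises ValueError on a non-numeric port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    host = parts.hostname         # already lower-cased by urlsplit
    if scheme not in ("http", "https") or not host:
        return None
    # A genuine Origin carries no userinfo, path, query or fragment; reject them
    # so "https://example.com@attacker.net" cannot masquerade as example.com.
    if (parts.username is not None or parts.path not in ("", "/")
            or parts.query or parts.fragment):
        return None
    default_port = 443 if scheme == "https" else 80
    if port is None or port == default_port:
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def safe_origin_check(origin: str) -> bool:
    """Hardened check: exact match of the canonical origin against the allowlist."""
    canon = canonical_origin(origin)
    return canon is not None and canon in ALLOWED_ORIGINS


def cors_headers(origin, check):
    """Response headers a handler would emit for the given Origin under `check`."""
    if origin and check(origin):
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {}


# Constructed probe origins: the first two are legitimate, the next three are
# bypass attempts against the prefix check, the last two are rejected by both.
PROBES = [
    "https://example.com",
    "https://app.example.com",
    "https://example.com.attacker.net",   # trusted origin as a hostname prefix
    "https://example.com@attacker.net",   # trusted origin as userinfo
    "https://example.com:8443",           # same host, different port
    "http://example.com",                 # not allowlisted: no prefix matches
    "https://attacker-example.com",
]


def compare_checks(origins=PROBES):
    """Map each origin to (prefix_check_result, exact_check_result)."""
    return {o: (vulnerable_origin_check(o), safe_origin_check(o)) for o in origins}


if __name__ == "__main__":
    for origin, (weak, strong) in compare_checks().items():
        print(f"{origin:36} startswith={weak!s:5} exact={strong}")
```

Running the block prints one line per probe: the startswith column is True for every origin that merely embeds a trusted origin as a prefix (extra host labels, userinfo, a different port), while exact comparison of the parsed origin accepts only the allowlisted ones. If subdomains of a trusted domain must be accepted, test the parsed host with `host == parent or host.endswith("." + parent)`; a prefix or suffix test on the raw header string reintroduces the same class of bypass.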