CVE-2025-50864
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-08-22
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elysiajs | elysia-cors | 1.3.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-178 | The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Origin Validation Error in the elysia-cors library up to version 1.3.0. The library incorrectly validates the origin by checking if the origin is a substring of any domain in the site's CORS policy instead of requiring an exact match. This means that malicious origins that contain the allowed domain as a substring (e.g., 'notexample.com' when 'example.com' is allowed) can bypass CORS restrictions.
How can this vulnerability impact me?
This vulnerability can allow attackers to bypass CORS restrictions and gain unauthorized access to user data on sites using the elysia-cors library for CORS validation. This could lead to data exposure or unauthorized actions performed on behalf of users.
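The difference between the substring check described above and an exact origin match, as an added example. This is a simplified model written for this page, not elysia-cors source code; the function names, the `https` scheme requirement and the sample origins are assumptions, and `example.com` / `notexample.com` come from the explanation above.

```javascript
// Added example: a simplified model of the flaw, not elysia-cors source code.
// Constructed policy: "example.com" is the allowed domain used in the text above.
const ALLOWED_DOMAINS = ["example.com"];

// Flawed check: accepts any Origin that merely contains an allowed domain.
function substringCheck(origin, allowed = ALLOWED_DOMAINS) {
  return allowed.some((domain) => origin.includes(domain));
}

// Hardened check: parse the Origin and require an exact origin match.
function exactCheck(origin, allowed = ALLOWED_DOMAINS) {
  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return false; // "null", empty or malformed values never match
  }
  // A browser-sent Origin is exactly scheme://host[:port]; reject anything else.
  if (parsed.origin !== origin) return false;
  return allowed.some((domain) => parsed.origin === `https://${domain}`);
}

// Build the CORS response headers a server would emit for a given check.
function corsHeaders(origin, check) {
  if (!check(origin)) return {}; // no ACAO header: the browser blocks the read
  return { "Access-Control-Allow-Origin": origin, Vary: "Origin" };
}

// Constructed sample Origin header values.
const SAMPLES = ["https://example.com", "https://notexample.com", "https://other.test", "null"];

// Run both checks over the samples so the disagreement is visible side by side.
function compare(origins = SAMPLES) {
  return origins.map((origin) => ({
    origin,
    substring: substringCheck(origin),
    exact: exactCheck(origin),
  }));
}

console.table(compare());
```

The two checks disagree only on `https://notexample.com`, which is the case the advisory describes; a regression test for a CORS policy should include at least one such look-alike origin.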