ByteOS Network

CVE Vulnerability Details :

CVE-2025-47908

PUBLISHED

More Info Official Page

Assigner-Go

Assigner Org ID-1bb62c36-49e3-4200-9d77-64a1400537cc

Published At-06 Aug, 2025 | 20:41

Updated At-07 Aug, 2025 | 13:47

▼CVE Numbering Authority (CNA)

Denial of service via malicious preflight requests in github.com/rs/cors

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.

Affected Products

Vendor

github.com/rs/cors

Product

github.com/rs/cors

Collection URL

https://pkg.go.dev

Package Name

github.com/rs/cors

Program Routines

Cors.handlePreflight
Cors.areHeadersAllowed
New
splitHeaderValues
AllowAll
Cors.HandlerFunc
Cors.ServeHTTP
Default

Default Status

unaffected

Versions

Affected

From 1.9.0 before 1.11.0 (semver)

Problem Types

Type	CWE ID	Description
N/A	N/A	CWE-1325: Improperly Controlled Sequential Memory Allocation

Credits

@jub0bs

References

Hyperlink	Resource
https://github.com/rs/cors/pull/171	N/A
https://github.com/rs/cors/issues/170	N/A
https://pkg.go.dev/vuln/GO-2024-2883	N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References