CNNVD-202508-2330 Information

CNNVD ID

CNNVD-202508-2330

Related CVE

CVE-2025-50864

• CNNVD Published: 2025-08-20

Description (Chinese)

elysiajs-cors是elysia开源的一个插件。 elysiajs-cors 1.3.0及之前版本存在安全漏洞，该漏洞源于源验证错误，可能导致绕过跨资源共享限制。

Description (English)

elysiajs-corps is an elysia open source plugin. Elysiajs-corps 1.3.0 and previous versions have a security loophole, which stems from a source validation error and may lead to circumventing resource-sharing restrictions.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

elysia

Published

2025-08-20

Last Modified

2026-02-24

References

https://medium.com/@raghavagrawal_23036/cors-bypass-in-popular-opensource-library-ad27fb41e16a https://github.com/elysiajs/elysia-cors/tree/main https://github.com/elysiajs/elysia-cors/blob/main/src/index.ts http://elysiajs.com https://nvd.nist.gov/vuln/detail/CVE-2025-50864 https://access.redhat.com/security/cve/cve-2025-50864

Patch

https://github.com/elysiajs/elysia-cors/releases