The top level wildcard bindings $PREFIX leaves your application open to security vulnerabilities and give attackers more control over where traffic is routed. If you must use wildcards, consider using subdomain wildcard binding. For example, you can use “*.asdf.gov” if you own all of “asdf.gov”. Likelihood: LOW Confidence: MEDIUM CWE: - CWE-706: Use of Incorrectly-Resolved Name or Reference
OWASP: - A01:2021 - Broken Access Control