wildcard-cors
CORS policy allows any origin (using wildcard ’*’). This is insecure and should be avoided.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-942: Permissive Cross-domain Policy with Untrusted Domains
OWASP:
- A05:2021 - Security Misconfiguration
wildcard-cors
CORS policy allows any origin (using wildcard ’*’). This is insecure and should be avoided.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-942: Permissive Cross-domain Policy with Untrusted Domains
OWASP:
- A05:2021 - Security Misconfiguration