The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
Critical severity
GitHub Reviewed
Published
Oct 17, 2018
to the GitHub Advisory Database
•
Updated Feb 23, 2024
Give feedback on Dependabot alerts