GSSA-2026-04-RSDKJ2 | 2026-04-25 | 6.5 Medium
Permissive CORS configuration allows credentialed cross-origin requests in cobc-events
cobc-events <1.0.1 enabled CORS with the default `cors()` configuration, accepting any `Origin`. Combined with the JWT cookie, this allowed cross-origin sites to issue authenticated requests against the API.
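One way to replace the default `cors()` call with an exact-match origin allow-list, shown as an added example (not cobc-events' code or its actual 1.0.1 fix). It assumes an Express app using the `cors` package; the origins and helper names are hypothetical.

```javascript
// Allow-list CORS policy for an API that authenticates with a cookie.
// ALLOWED_ORIGINS holds constructed placeholder values, not the project's real origins.
const ALLOWED_ORIGINS = new Set([
  'https://events.example.org',
  'https://admin.events.example.org',
]);

// Exact match on the serialized origin. Substring, prefix or loose regex
// checks are avoided because they also accept look-alike hosts.
function isAllowedOrigin(origin) {
  if (typeof origin !== 'string') return false;
  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return false; // the literal "null" origin and malformed values end up here
  }
  // An Origin header is scheme://host[:port] only; a path, explicit default
  // port or upper-case host means the value is not what a browser sends.
  if (parsed.origin !== origin) return false;
  return ALLOWED_ORIGINS.has(origin);
}

// Options object in the shape the `cors` package accepts.
const corsOptions = {
  origin(origin, callback) {
    // No Origin header (non-browser client, same-origin navigation): emit no CORS headers.
    if (origin === undefined) return callback(null, false);
    // true = reflect this origin in Access-Control-Allow-Origin, false = no CORS headers.
    callback(null, isAllowedOrigin(origin));
  },
  credentials: true, // only listed origins may read responses to cookie-bearing requests
};

// Helper for checking the policy without starting a server (hypothetical name).
function corsDecision(origin) {
  let allowed;
  corsOptions.origin(origin, (err, allow) => { allowed = allow; });
  return allowed;
}

// In the application (assumed wiring):
//   app.use(cors());             // before: any Origin accepted
//   app.use(cors(corsOptions));  // after: allow-list only
```

CORS headers only control which origins may read a response, so state-changing routes still need the cookie's `SameSite` attribute or a CSRF token.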