Tag
cwe-942
Safeguard articles tagged "cwe-942" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Application Security
The Security Implications of Misconfigured CORS in Node.js APIs
One line of Express middleware — reflecting Origin back with credentials: true — turns CORS from a browser protection into an authenticated data-exfiltration channel.
Jul 8, 20266 min read
Vulnerability Guides
CORS Misconfiguration: How to Prevent It
A too-generous CORS policy can let a malicious site read authenticated responses from your API. Reflecting the Origin with credentials is the classic mistake.
Jul 4, 20265 min read