GHSA-ccq9-r5cw-5hwq: WWBN AVideo has CORS Origin Reflection with Credentials on Sensitive API Endpoints Enables Cross-Origin Account Takeover

April 14, 2026

This advisory has been withdrawn.

References

github.com/WWBN/AVideo
github.com/WWBN/AVideo/commit/caf705f38eae0ccfac4c3af1587781355d24495e
github.com/WWBN/AVideo/security/advisories/GHSA-ccq9-r5cw-5hwq
github.com/advisories/GHSA-ccq9-r5cw-5hwq

Code Behaviors & Features

Detect and mitigate GHSA-ccq9-r5cw-5hwq with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →