GHSA-ff5q-cc22-fgp4: WWBN AVideo has a CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) Exposes Authenticated API Responses

April 14, 2026

This advisory has been withdrawn.

References

github.com/WWBN/AVideo
github.com/WWBN/AVideo/commit/5e2b897ccac61eb6daca2dee4a6be3c4c2d93e13
github.com/WWBN/AVideo/security/advisories/GHSA-ff5q-cc22-fgp4
github.com/advisories/GHSA-ff5q-cc22-fgp4

Code Behaviors & Features

Detect and mitigate GHSA-ff5q-cc22-fgp4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →