GHSA-c65f-x25w-62jv: openssl-encrypt has CORS wildcard with allow_credentials=True in standalone servers

April 1, 2026

Both standalone servers configure CORS with allow_origins=["*"], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"].

References

github.com/advisories/GHSA-c65f-x25w-62jv
github.com/jahlives/openssl_encrypt
github.com/jahlives/openssl_encrypt/commit/809416b74d2749cdcffb484cd65b057e1685cc13
github.com/jahlives/openssl_encrypt/security/advisories/GHSA-c65f-x25w-62jv

Code Behaviors & Features

Detect and mitigate GHSA-c65f-x25w-62jv with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →