Severity: moderate

    Insecure Default Configuration


    Affected versions of are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.


    Update to version 2.4.0 or later.

    Have content suggestions? Visit

    Advisory timeline

    1. published

      Advisory Published
      Feb 19th, 2021
    2. reported

      Reported by Anonymous
      Feb 19th, 2021