Permissive List of Allowed Inputs
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-183: Permissive List of Allowed Inputs |
| OWASP | A04:2021 - Insecure Design |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code configures CORS headers to allow any origin (using `*` or `null` as the `Access-Control-Allow-Origin` value), which means any website can make requests to your server. This overly permissive policy exposes your application to cross-origin attacks.
Impact
An attacker could build a malicious site that interacts with your APIs as if it were a trusted client, potentially stealing sensitive data, performing unauthorized actions, or impersonating users. This weakens security boundaries and could lead to data leaks or account compromise.
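The following is an added example, not code from the rule or from any scanned project, showing the weak setting the rule flags next to an allowlist-based alternative in plain Java (no framework dependency). The class name `CorsOriginCheck`, the helper names and the sample allowlist `https://app.example.com` are all assumptions chosen for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

/** Added example (not the rule's own code): CORS origin allowlisting in plain Java. */
public class CorsOriginCheck {

    // Weak setting the rule flags: every origin is trusted, so a browser will
    // deliver the response body to any site that issued the request.
    static void weakCorsHeaders(Map<String, String> responseHeaders) {
        responseHeaders.put("Access-Control-Allow-Origin", "*");
    }

    // Hardened form: only origins on an explicit allowlist are echoed back, and the
    // literal "null" origin is never accepted (sandboxed iframes and file:// pages send it).
    static Optional<String> allowedOrigin(String requestOrigin, Set<String> allowlist) {
        if (requestOrigin == null || requestOrigin.equalsIgnoreCase("null")) {
            return Optional.empty();
        }
        // Parse and normalise scheme, host and port so the comparison is exact rather than
        // substring-based ("https://app.example.com.evil.test" must not match "https://app.example.com").
        URI uri;
        try {
            uri = new URI(requestOrigin);
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
        // An Origin header carries no path; a host is required, and opaque URIs are rejected.
        if (uri.getScheme() == null || uri.getHost() == null || !uri.getPath().isEmpty()) {
            return Optional.empty();
        }
        String normalized = uri.getScheme().toLowerCase() + "://" + uri.getHost().toLowerCase()
                + (uri.getPort() == -1 ? "" : ":" + uri.getPort());
        return allowlist.contains(normalized) ? Optional.of(normalized) : Optional.empty();
    }

    static void hardenedCorsHeaders(String requestOrigin, Set<String> allowlist,
                                    Map<String, String> responseHeaders) {
        // Vary: Origin stops a shared cache from serving one origin's response to another.
        responseHeaders.put("Vary", "Origin");
        allowedOrigin(requestOrigin, allowlist).ifPresent(origin -> {
            responseHeaders.put("Access-Control-Allow-Origin", origin);
            // Credentials may only be allowed together with a specific origin, never with "*".
            responseHeaders.put("Access-Control-Allow-Credentials", "true");
        });
    }

    public static void main(String[] args) {
        // Constructed sample allowlist; in a real deployment this comes from configuration.
        Set<String> allowlist = Set.of("https://app.example.com");
        String[] origins = {"https://app.example.com", "https://app.example.com.evil.test", "null", null};
        for (String origin : origins) {
            Map<String, String> headers = new HashMap<>();
            hardenedCorsHeaders(origin, allowlist, headers);
            System.out.println(origin + " -> "
                    + headers.getOrDefault("Access-Control-Allow-Origin", "(no CORS header)"));
        }
    }
}
```

Only the first sample origin receives an `Access-Control-Allow-Origin` header; the look-alike hostname, the `null` origin and a request with no Origin header at all get none. Because the header echoes the matched origin rather than `*`, the response can safely carry `Access-Control-Allow-Credentials: true`, and `Vary: Origin` keeps caches from mixing responses between origins.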