PT-2023-21567 · Docker · Play With Docker

Cokebeer · Published 2023-03-16 · Updated 2023-03-23 · CVE-2023-28109

CVSS v3.1 6.5 Medium
Vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Play With Docker versions 0.0.2 and prior

Description
Play With Docker is a browser-based Docker playground. Its CORS origin check is too permissive: a request whose Origin header names an attacker-controlled domain that passes the check, such as evil-play-with-docker.com, has that value echoed back in the Access-Control-Allow-Origin response header. A page hosted on such a domain can therefore read the playground's API responses in the victim's browser and retrieve basic user information. The only requirement is that the victim visit the attacker's page (hence UI:R in the vector).

Recommendations
For versions 0.0.2 and prior, upgrade to a release that contains the fix. The upstream advisory lists no workaround other than upgrading. As an interim measure for self-hosted deployments, restrict the origins the server accepts to the exact play-with-docker.com origin (scheme and host compared as a whole, not by substring or suffix) so that an arbitrary Origin header is never reflected.
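The following Go program is an added illustration of the origin-reflection flaw described above and of the exact-match check recommended as the fix; it is not Play With Docker's own code. The "loose" check that accepts any host ending in the trusted domain name is an assumption about the shape of the bug, and the trusted origin, the `/users/me` path and the JSON body are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// trustedOrigin is the only origin the playground front end is expected to
// use (assumed for this example).
const trustedOrigin = "https://play-with-docker.com"

// originAllowedLoose models the shape of the flaw in the advisory (an
// assumption about the bug, not the project's actual code): the Origin's
// host is accepted if it merely ends with the trusted domain name, so an
// attacker-registered "evil-play-with-docker.com" passes the check.
func originAllowedLoose(origin string) bool {
	u, err := url.Parse(origin)
	if err != nil {
		return false
	}
	return strings.HasSuffix(u.Hostname(), "play-with-docker.com")
}

// originAllowedStrict is the hardened check: the whole Origin value must
// equal an allow-listed entry, so scheme, host and port are all compared
// and look-alike hosts or a scheme downgrade cannot match.
func originAllowedStrict(origin string) bool {
	allowed := map[string]bool{trustedOrigin: true}
	return allowed[origin]
}

// corsHandler returns a handler that emits Access-Control-Allow-Origin only
// when allow accepts the request's Origin header. The body is a constructed
// stand-in for a "basic user information" response.
func corsHandler(allow func(string) bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add("Vary", "Origin")
		if origin := r.Header.Get("Origin"); origin != "" && allow(origin) {
			w.Header().Set("Access-Control-Allow-Origin", origin)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		}
		w.Header().Set("Content-Type", "application/json")
		fmt.Fprint(w, `{"username":"alice"}`)
	})
}

// acaoFor performs an in-process GET with the given Origin against h and
// returns the Access-Control-Allow-Origin header the server replied with.
// An empty result means a browser would refuse to expose the response to
// that origin.
func acaoFor(h http.Handler, origin string) string {
	req := httptest.NewRequest(http.MethodGet, "/users/me", nil)
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Result().Header.Get("Access-Control-Allow-Origin")
}

func main() {
	evil := "https://evil-play-with-docker.com"
	checks := map[string]func(string) bool{
		"loose (vulnerable)": originAllowedLoose,
		"strict (fixed)":     originAllowedStrict,
	}
	for name, check := range checks {
		h := corsHandler(check)
		fmt.Printf("%-20s Origin=%s -> ACAO=%q\n", name, evil, acaoFor(h, evil))
		fmt.Printf("%-20s Origin=%s -> ACAO=%q\n", name, trustedOrigin, acaoFor(h, trustedOrigin))
	}
}
```

With the loose check, the attacker origin is echoed together with Allow-Credentials, which is exactly what lets a page on that origin issue a credentialed cross-origin fetch and read the user-information response; with the strict check the header is absent for anything but the allow-listed origin, including an http:// downgrade or a different port.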

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2023-28109
GHSA-VQ59-5X26-H639

Affected Products

Play With Docker