CVE-2019-9580 - StackStorm: exploiting CORS misconfiguration (null origin) to gain RCE
CVE-2019-9580 - StackStorm exploiting CORS null origin to gain RCE < 293 and 2103 Prior to 2103/293, if the origin of the request was unknown, we would return null null can result in a successful request from an unknown origin in some clients Allowing the possibility of XSS style attacks against the StackStorm API found by Barak Tawily and Anna Tsibulskaya