Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00OTQ2LTg1cHItZnZ4aM4AA6B1
vantage6's CORS settings overly permissive
Impact
The vantage6 server places no restrictions on its CORS settings. Operators should be able to configure the server's allowed origins.
The impact is limited because v6 does not use session cookies.
Patches
No
Workarounds
No
Permalink: https://github.com/advisories/GHSA-4946-85pr-fvxh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00OTQ2LTg1cHItZnZ4aM4AA6B1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 month ago
Updated: about 1 month ago
CVSS Score: 4.2
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Identifiers: GHSA-4946-85pr-fvxh, CVE-2024-23823
References:
- https://github.com/vantage6/vantage6/security/advisories/GHSA-4946-85pr-fvxh
- https://nvd.nist.gov/vuln/detail/CVE-2024-23823
- https://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41
- https://github.com/advisories/GHSA-4946-85pr-fvxh
Blast Radius: 4.0
Affected Packages
pypi:vantage6
Dependent packages: 2
Dependent repositories: 9
Downloads: 1,820 last month
Affected Version Ranges: <= 4.2.2
Fixed in: 4.3.0
All affected versions: 0.0.0, 1.0.0, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 2.0.0, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.2.12, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.1.0, 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.9.0, 3.10.0, 3.10.1, 3.10.3, 3.10.4, 3.11.0, 3.11.1, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.2.0, 4.2.1, 4.2.2
All unaffected versions: 4.2.3, 4.3.0, 4.3.1, 4.3.2, 4.3.4