CVE-2024-23823
MEDIUM4.2EPSS 0.20%vantage6's CORS settings overly permissive
發布日:2024/3/15修改日:2024/3/15
描述
### Impact The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies ### Patches No ### Workarounds No
受影響套件(1)
- PyPI/vantage6from 0, < 4.3.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N |