CVE-2024-11602 – feast

Package

Manager: pip
Name: feast
Vulnerable Version: >=0 <=0.40.0

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00021 pctl0.04012

Details

Feast Cross-Origin Resource Sharing vulnerability A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security controls and potentially expose sensitive information.

Metadata

Created: 2025-03-20T12:32:42Z
Modified: 2025-03-21T16:59:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-wxpc-2674-rxvw/GHSA-wxpc-2674-rxvw.json
CWE IDs: ["CWE-346"]
Alternative ID: GHSA-wxpc-2674-rxvw
Finding: F086
Auto approve: 1