CVE-2024-25170 – mezzanine
Package
Manager: pip
Name: mezzanine
Vulnerable Version: >=0 <=6.0.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.01371 (percentile: 0.79497)
Details
Mezzanine allows attackers to bypass access controls via manipulating the Host header.
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.
Metadata
Created: 2024-02-28T21:30:20Z
Modified: 2024-02-28T22:58:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-22cc-w7xm-rfhx/GHSA-22cc-w7xm-rfhx.json
CWE IDs: []
Alternative ID: GHSA-22cc-w7xm-rfhx
Finding: F039
Auto approve: 1