logo

Database

Lack of data validation In vantage6

Description

vantage6's CORS settings overly permissive

Impact

The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server.

The impact is limited because v6 does not use session cookies

Patches

No

Workarounds

No

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-238232. NVD-2024-238233. OSV-2024-238234. GHSA-4946-85pr-fvxh5. GCVE-2024-23823

References

1. https://github.com/vantage6/vantage6/security/advisories/GHSA-4946-85pr-fvxh2. https://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.