通用漏洞公開披露 2024-36421

https://nvd.nist.gov/vuln/detail/CVE-2024-36421

CVE-2024-36421: Flowise v1.4.3 has a CORS misconfiguration that allows arbitrary origins to connect, potentially enabling unauthorized requests and information theft. This can be leveraged with path injection to read arbitrary files from the server. No patches are currently available.

via National Vulnerability Database

July 2, 2024 at 12:42AM

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *