Lucene search

CVE-2024-40627

🗓️ 15 Jul 2024 20:05:15Reported by [email protected]Type

Fastapi OPA middleware allows unauthenticated HTTP OPTIONS requests, potentially leaking system entity information. Upgrade to version 2.0.1

Reporter	Title	Published	Views	Family All 9
Github Security Blog	OpaMiddleware does not filter HTTP OPTIONS requests	15 Jul 202417:49	–	github
CVE	CVE-2024-40627	15 Jul 202420:15	–	cve
Veracode	Information Disclosure	16 Jul 202405:50	–	veracode
OSV	UBUNTU-CVE-2024-40627	15 Jul 202420:15	–	osv
OSV	CVE-2024-40627	15 Jul 202420:15	–	osv
OSV	OpaMiddleware does not filter HTTP OPTIONS requests	15 Jul 202417:49	–	osv
Cvelist	CVE-2024-40627 OpaMiddleware does not filter HTTP OPTIONS requests	15 Jul 202419:21	–	cvelist
UbuntuCve	CVE-2024-40627	15 Jul 202400:00	–	ubuntucve
Vulnrichment	CVE-2024-40627 OpaMiddleware does not filter HTTP OPTIONS requests	15 Jul 202419:21	–	vulnrichment

Source	Link
github	www.github.com/busykoala/fastapi-opa/blob/6dd6f8c87e908fe080784a74707f016f1422b58a/fastapi_opa/opa/opa_middleware.py
github	www.github.com/busykoala/fastapi-opa/security/advisories/GHSA-5f5c-8rvc-j8wf
github	www.github.com/busykoala/fastapi-opa/commit/9588109ff651f7ffc92687129c4956126443fb8c

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Jul 2024 20:15Current

CVSS35.8

EPSS0.0004

CWE-204