2 matches found
EUVD-2019-0332
Malware in sbrugna...
GHSA-3248-F932-C76P DB-GPT vulnerable to Cross-Site Request Forgery
In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...