Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2025/03/22 11:58 a.m.8 views

CVE-2024-10906

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

8.1CVSS6.9AI score0.00228EPSS
Exploits1References1
vulnersosv
vulnersosv
added 2025/03/20 12:32 p.m.4 views

dbgpt-app (=0.8.0rc1), dbgpt-client (>=0.7.0 <=0.8.0rc1) +2 more potentially affected by CVE-2024-10906 via dbgpt (=0.8.0)

dbgpt PYPI version =0.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbgpt and may be impacted: - dbgpt-app =0.8.0rc1 - dbgpt-client =0.7.0, =0.7.0, =0.8.0, =0.8.0rc1 Source cves: CVE-2024-10906 Source advisory: SNYK:PYTHON-DBGPT-9586747...

8.1CVSS7AI score0.00228EPSS
Exploits1
nvd
nvd
added 2025/03/20 10:15 a.m.6 views

CVE-2024-10906

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

8.1CVSS0.00228EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/03/20 10:10 a.m.5 views

CVE-2024-10906 Cross-Site Request Forgery (CSRF) in eosphoros-ai/db-gpt

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

7.1CVSS7AI score0.00228EPSS
Exploits1References1
cvelist
cvelist
added 2025/03/20 10:10 a.m.12 views

CVE-2024-10906 Cross-Site Request Forgery (CSRF) in eosphoros-ai/db-gpt

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

7.1CVSS0.00228EPSS
Exploits1References1
cve
cve
added 2025/03/20 10:10 a.m.58 views

CVE-2024-10906

CVE-2024-10906 – CSRF in DB-GPT (eosphoros-ai/db-gpt) Affected: db-gpt, version 0.6.0, within the uvicorn app created by dbgpt_server. Root cause: CORSMiddleware configured with wide permissiveness, setting Access-Control-Allow-Origin to ‘*’ for all endpoints. Impact: endpoints may be interacted ...

8.1CVSS7AI score0.00228EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder