10 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-2263

Malicious code in bioql PyPI...

5.8 CVSS · 6.3 AI score · 0.00158 EPSS
Exploits 0 · References 6

Tenable Nessus
added 2025/09/10 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2024-40627

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Fastapi OPA is an open-source fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack...

5.8 CVSS · 5.8 AI score · 0.00158 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 7:54 a.m. · 4 views

CVE-2024-40627

Fastapi OPA is an open-source fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...

5.8 CVSS · 6.8 AI score · 0.00158 EPSS
Exploits 0 · References 1

Veracode
added 2024/07/16 5:50 a.m. · 12 views

Information Disclosure

fastapi-opa is vulnerable to Information Disclosure. The vulnerability is due to lack of authentication enforcement for HTTP OPTIONS requests by OpaMiddleware, allowing an unauthenticated attacker to determine the existence of entities within the application based on the responses to these reques...

5.8 CVSS · 7 AI score · 0.00158 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/07/15 7:21 p.m. · 8 views

CVE-2024-40627 OpaMiddleware does not filter HTTP OPTIONS requests

Fastapi OPA is an open-source fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...

5.8 CVSS · 6.6 AI score · 0.00158 EPSS
Exploits 0 · References 5

Cvelist
added 2024/07/15 7:21 p.m. · 15 views

CVE-2024-40627 OpaMiddleware does not filter HTTP OPTIONS requests

Fastapi OPA is an open-source fastapi middleware which includes auth flow. HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. OpaMiddleware allows all HTTP OPTIONS requests without evaluating it against...

5.8 CVSS · 0.00158 EPSS
Exploits 0 · References 3

OSV
added 2024/07/15 5:49 p.m. · 11 views

GHSA-5F5C-8RVC-J8WF OpaMiddleware does not filter HTTP OPTIONS requests

Summary: HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. The maintainer is uncertain whether this should be classed as a "bug" or "security issue" – but is erring on the side of "security issue" as an...

6.9 CVSS · 5.5 AI score · 0.00158 EPSS
Exploits 0 · References 6

vulnersOsv
added 2024/07/15 5:49 p.m. · 0 views

fastflows (>=0.1.0 <=0.1.2) potentially affected by CVE-2024-40627 via fastapi-opa (=1.4.8)

fastapi-opa PYPI version =1.4.8 is affected by a known vulnerability. The following packages have a transitive dependency on fastapi-opa and may be impacted: - fastflows =0.1.0, =0.1.2 Source cves: CVE-2024-40627 Source advisory: OSV:GHSA-5F5C-8RVC-J8WF...

5.8 CVSS · 5.8 AI score · 0.00158 EPSS
Exploits 0

Github Security Blog
added 2024/07/15 5:49 p.m. · 16 views

OpaMiddleware does not filter HTTP OPTIONS requests

Summary: HTTP OPTIONS requests are always allowed by OpaMiddleware, even when they lack authentication, and are passed through directly to the application. The maintainer is uncertain whether this should be classed as a "bug" or "security issue" – but is erring on the side of "security issue" as an...

5.8 CVSS · 6.6 AI score · 0.00158 EPSS
Exploits 0 · References 6 · Affected Software 1

Positive Technologies
added 2024/07/15 12:0 a.m. · 2 views

PT-2024-28950 · Unknown · Fastapi Opa

Name of the Vulnerable Software and Affected Versions: Fastapi OPA versions prior to 2.0.1 Description: The issue allows unauthenticated attackers to discover which entities exist within an application by sending HTTP OPTIONS requests. This is because OpaMiddleware allows all HTTP OPTIONS request...

6.9 CVSS · 7.2 AI score · 0.00158 EPSS
Exploits 0 · References 12