2 matches found
GHSA-8HMM-4CRW-VM2C @musistudio/claude-code-router has improper CORS configuration
Impact Due to improper Cross-Origin Resource Sharing CORS configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could exploit this misconfiguration to steal credentials, abuse accounts, exhaust quotas, or access sensitive data...
CubeFS Log Information Disclosure Vulnerability
CubeFS is a cloud-native file storage for CubeFS individual developers. A log information disclosure vulnerability exists in CubeFS versions prior to 3.3.1, which stems from disclosing user keys and access keys in logs...