EPSS Percentile: 59.6%
rdiffweb is vulnerable to privilege escalation. An origin validation error allows a malicious user to elevate their privileges, due to insufficient validation in the set_headers function in tools/secure_headers.py.
github.com/advisories/GHSA-824x-jcxf-hpfg
github.com/ikus060/rdiffweb/commit/afc1bdfab5161c74012ff2590a6ec49cc0d8fde0
huntr.dev/bounties/cfcab02e-d6ad-4dcf-b1b0-da90434bc55b