CVE-2024-10264

Critical CVSS: 9.8

HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and potentially arbitrary code execution.

Vendor

Youdao

Product

Qanything

CWE

CWE-444

Yayın Tarihi

2025-03-20 10:15:15

Güncelleme

2025-08-01 10:51:56

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-444 Qanything CRITICAL Youdao 2025

Referanslar

https://huntr.com/bounties/988247d5-fd60-4d85-845a-e867d62c0d02

Benzer Kayıtlar

High

CVE-2024-8024

A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an att…

Medium

CVE-2024-8027

A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious kno…

High

CVE-2024-12864

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2…

High

CVE-2024-12866

A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an att…