CVE-2024-8024

High CVSS: 7.5

A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such security issues.

Vendor

Youdao

Product

Qanything

CWE

CWE-346

Yayın Tarihi

2025-03-20 10:15:39

Güncelleme

2025-08-01 01:45:39

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-346 Qanything HIGH Youdao 2025

Referanslar

https://huntr.com/bounties/bda53fab-88aa-4e03-8d9d-4cf50a98ffc7

Benzer Kayıtlar

Medium

CVE-2024-8027

A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious kno…

High

CVE-2024-12864

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2…

High

CVE-2024-12866

A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an att…

Critical

CVE-2024-10264

HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistenci…