CVE-2024-11602

CORS Vulnerability in feast-dev/feast

CVSS 7.4 HIGHEPSS 0.3%CWE-346

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.4EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

20 Mar 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security controls and potentially expose sensitive information.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected products

feast-dev · feast-dev/feast

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://huntr.com/bounties/7b24ecbe-0af7-4125-ab56-bce09786042e