HIGH🇵🇱 Wersja polska

CVE-2024-8024

CVSS 7.5v3.0pub. 2025-03-20upd. 2025-08-01

A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such security issues.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Youdao Qanything

    APP
    Youdao
    1.4.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-10264CRITICAL9.8PL ✓ten sam produkt

HTTP Request Smuggling w Youdao QAnything umożliwia RCE i nieautoryzowany dostęp

CVE-2024-12864HIGH7.5ten sam produkt

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything ...

CVE-2024-12866HIGH7.5ten sam produkt

A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability all...

CVE-2024-8027MEDIUM6.1ten sam produkt

A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload mal...