Submit #801529: alexta69 MeTube 2026.04.09 Permissive Cross-domain Policy with Untrusted Domains

Title: alexta69 MeTube 2026.04.09 Permissive Cross-domain Policy with Untrusted Domains
Description: MeTube unconditionally reflects the Origin header in CORS responses and has no authentication, allowing any malicious website to initiate downloads, delete files, overwrite cookies, and manage subscriptions on a victim's instance via cross-origin requests. I've made a pull request with the fixed code. https://github.com/alexta69/metube/pull/949
Source: https://github.com/az10b/security-advisories/blob/main/cors_MeTube.md
User: AliAz (UID 74624)
Submission: 10/04/2026 03:09 (2 months ago)
Moderation: 01/05/2026 08:52 (21 days later)
Status: Accepted
VulDB entry: 360528 [alexta69 MeTube up to 2026.04.09 CORS Policy app/main.py on_prepare privilege escalation]
Points: 19
