Отправить #801529: alexta69 MeTube 2026.04.09 Permissive Cross-domain Policy with Untrusted DomainsИнформация

Название	alexta69 MeTube 2026.04.09 Permissive Cross-domain Policy with Untrusted Domains
Описание	MeTube unconditionally reflects the Origin header in CORS responses and has no authentication, allowing any malicious website to initiate downloads, delete files, overwrite cookies, and manage subscriptions on a victim's instance via cross-origin requests. I've made a pull request with the fixed code. https://github.com/alexta69/metube/pull/949
Источник	⚠️ https://github.com/az10b/security-advisories/blob/main/cors_MeTube.md
Пользователь	AliAz (UID 74624)
Представление	10.04.2026 03:09 (2 месяцы назад)
Модерация	01.05.2026 08:52 (21 days later)
Статус	принято
Запись VulDB	360528 [alexta69 MeTube до 2026.04.09 CORS Policy app/main.py on_prepare эскалация привилегий]
Баллы	19

Do you need the next level of professionalism?

Upgrade your account now!