Security Advisory

CVE-2024-8026

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:11:03

Last updated 2025-03-20 15:49:53

Assigner @huntr_ai

State PUBLISHED

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating, uploading, listing, deleting files, and managing knowledge bases.

← Browse all CVEs View on cve.org ↗