{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T02:27:44.681","vulnerabilities":[{"cve":{"id":"CVE-2024-11602","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:25.337","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security controls and potentially expose sensitive information."},{"lang":"es","value":"Existe una vulnerabilidad de Cross-Origin Resource Sharing (CORS) en feast-dev/feast versión 0.40.0. La configuración de CORS en el servidor agentscope no restringe correctamente el acceso únicamente a orígenes de confianza, lo que permite que cualquier dominio externo realice solicitudes a la API. Esto puede eludir los controles de seguridad previstos y potencialmente exponer información confidencial."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://huntr.com/bounties/7b24ecbe-0af7-4125-ab56-bce09786042e","source":"security@huntr.dev"}]}}]}