Skip to content

Mezzanine allows attackers to bypass access controls via manipulating the Host header

Moderate severity GitHub Reviewed Published Feb 28, 2024 to the GitHub Advisory Database • Updated Mar 8, 2024

Package

pip Mezzanine (pip)

Affected versions

<= 6.0.0

Patched versions

None

Description

An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.

References

Published by the National Vulnerability Database Feb 28, 2024
Published to the GitHub Advisory Database Feb 28, 2024
Reviewed Feb 28, 2024
Last updated Mar 8, 2024

Severity

Moderate

EPSS score

0.045%
(17th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2024-25170

GHSA ID

GHSA-22cc-w7xm-rfhx

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.