CVE-2024-25170

Description

An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.

Affected packages (1)

• PyPI/mezzaninefrom 0, <= 6.0.0

References (5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-25170
• PATCHhttps://github.com/stephenmcd/mezzanine
• WEBhttps://github.com/shenhav12/CVE-2024-25170-Mezzanine-v6.0.0
• WEBhttps://ibb.co/DpxHpz9
• WEBhttps://ibb.co/T0fhLwR