CVE-2024-11602: Feast Cross-Origin Resource Sharing vulnerability

March 20, 2025 (updated March 21, 2025)

A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security controls and potentially expose sensitive information.

References

github.com/advisories/GHSA-wxpc-2674-rxvw
github.com/feast-dev/feast
huntr.com/bounties/7b24ecbe-0af7-4125-ab56-bce09786042e
nvd.nist.gov/vuln/detail/CVE-2024-11602

Code Behaviors & Features

Detect and mitigate CVE-2024-11602 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →