CVE-2024-25170: Mezzanine allows attackers to bypass access controls via manipulating the Host header

February 28, 2024

An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.

References

github.com/advisories/GHSA-22cc-w7xm-rfhx
github.com/shenhav12/CVE-2024-25170-Mezzanine-v6.0.0
github.com/stephenmcd/mezzanine
ibb.co/DpxHpz9
ibb.co/T0fhLwR
nvd.nist.gov/vuln/detail/CVE-2024-25170

Detect and mitigate CVE-2024-25170 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →