CVE-2024-8183

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-8183

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8183.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-8183

Aliases

GHSA-4v9f-r55g-g6hc

Downstream

ROOT-APP-PYPI-CVE-2024-8183

Published

2025-03-20T10:15:41.370Z

Modified

2026-03-14T12:40:55.878232Z

Severity

7.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L CVSS Calculator

Summary

[none]

Details

A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and data integrity risks.

References

Affected packages

Git / github.com/prefecthq/prefect

Affected ranges

Type: GIT
Repo: https://github.com/prefecthq/prefect
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a69266e077169b8a32ad76b1dd3ea63b96d011c2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8183.json"