High severity7.4NVD Advisory· Published Mar 20, 2025· Updated Apr 15, 2026
CVE-2024-7819
CVE-2024-7819
Description
A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers to steal sensitive information such as chat contents, API keys, and other data. This vulnerability occurs due to improper validation of the origin header, enabling malicious web pages to make unauthorized requests to the application's API.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= 1.4.1+ 1 more
- (no CPE)range: = 1.4.1
- (no CPE)range: =1.4.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.