Yeti
Sign in to watchSource repositories
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-46508 | Hig | 0.49 | 7.5 | 0.00 | May 8, 2026 | yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET). | |
| CVE-2024-46507 | Hig | 0.47 | 7.3 | 0.00 | May 8, 2026 | A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server. |