Flagsmith
by Flagsmith
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-52872 | Hig | 0.00 | 7.5 | 0.00 | Nov 17, 2024 | In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions. | ||
| CVE-2024-52871 | Hig | 0.00 | 7.5 | 0.00 | Nov 17, 2024 | In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting. |
- risk 0.00cvss 7.5epss 0.00
In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions.
- risk 0.00cvss 7.5epss 0.00
In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting.