CVE-2024-11602

Name of the Vulnerable Software and Affected Versions feast-dev/feast version 0.40.0

Description A Cross-Origin Resource Sharing (CORS) issue exists, where the CORS configuration on the agentscope server does not properly restrict access to only trusted origins. This allows any external domain to make requests to the API, potentially bypassing intended security controls and exposing sensitive information.

Recommendations For version 0.40.0, consider restricting access to the agentscope server API by properly configuring CORS to only allow requests from trusted origins until a patch is available.