feast-dev Feast CORS Vulnerability in Agentscope Server

Vulnerability

A Cross-Origin Resource Sharing (CORS) vulnerability has been identified in feast-dev/feast version 0.40.0. The issue arises because the CORS configuration on the agentscope server fails to properly limit access to only trusted origins. This flaw allows any external domain to send requests to the API, potentially bypassing security controls and exposing sensitive information.
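The difference between a policy that accepts every origin and one limited to trusted origins, as an added example (not code from Feast or from this advisory). The allow-list entries and function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: placeholder origins, not values from Feast.
TRUSTED_ORIGINS = frozenset({
    "https://ui.example.internal",
    "https://admin.example.internal",
})


def permissive_cors_headers(origin):
    """Failure mode from the advisory: any caller's origin is approved."""
    return {"Access-Control-Allow-Origin": origin or "*"}


def normalize_origin(origin):
    """Return lower-case scheme://host[:port], or None if not a bare web origin."""
    if not origin or origin == "null":  # sandboxed iframes and file:// send "null"
        return None
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # An Origin header carries no userinfo, path, query or fragment.
    if parts.username or parts.password or parts.path or parts.query or parts.fragment:
        return None
    return f"{parts.scheme}://{parts.hostname}" + (f":{port}" if port else "")


def strict_cors_headers(origin, trusted=TRUSTED_ORIGINS):
    """Approve an origin only on an exact allow-list match; otherwise emit no CORS headers."""
    candidate = normalize_origin(origin)
    if candidate is None or candidate not in trusted:
        return {}
    # Vary: Origin keeps shared caches from serving one origin's approval to another.
    return {"Access-Control-Allow-Origin": candidate, "Vary": "Origin"}


if __name__ == "__main__":
    for sample in ("https://ui.example.internal",  # constructed inputs
                   "https://evil.example",
                   "https://ui.example.internal.evil.example",
                   "null"):
        print(f"{sample!r}: weak={permissive_cors_headers(sample)} strict={strict_cors_headers(sample)}")
```

Exact matching after normalization is what rejects look-alike origins; substring or suffix checks on the Origin value would accept the third sample.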

Impact

Exploitation of this vulnerability could lead to unauthorized access to the API, allowing external domains to make requests that could bypass security measures and access sensitive information.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 6.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.