CORS Misconfiguration in Netease Youdao Qanything
CVE-2024-8024

7.5HIGH

Key Information:

Vendor: Netease-youdao
Status: Netease-youdao/qanything
Vendor: CVE Published:; 20 March 2025

🔔 Create Netease-youdao Vulnerability Alert

What is CVE-2024-8024?

A CORS misconfiguration vulnerability is present in Netease Youdao Qanything version 1.4.1. This flaw allows attackers to circumvent the Same-Origin Policy, which can lead to unintended exposure of sensitive information. To safeguard against such vulnerabilities, it is essential to adopt a properly restrictive CORS policy, ensuring that only authorized domains can access your resources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

netease-youdao/qanything <= unspecified

References

https://huntr.com/bounties/bda53fab-88aa-4e03-8d9d-4cf50a...

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Aug 20, 2024

JSON

Netease-youdao

What is CVE-2024-8024?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.