CVE-2024-25170

CRITICAL

Mezzanine v6.0.0 - CSRF

Title source: llm

An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.

nomisec STUB

by shenhav12 · poc

CVSS v3 9.1

EPSS 0.0179

EPSS Percentile 82.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-863

Status published

Products (2)

jupo/mezzanine 6.0.0

pypi/Mezzanine 0PyPI

Published Feb 28, 2024

Tracked Since Feb 18, 2026