{"id":"CVE-2024-24562","summary":"Security headers not set in vantage6-UI","details":"vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.\n","aliases":["GHSA-gwq3-pvwq-4c9w"],"modified":"2026-04-10T05:09:50.034456Z","published":"2024-03-14T18:52:31.109Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24562.json","cwe_ids":["CWE-668","CWE-693"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24562.json"},{"type":"ADVISORY","url":"https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24562"},{"type":"FIX","url":"https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vantage6/vantage6-ui","events":[{"introduced":"0"},{"fixed":"68dfa661415182da0e5717bd58db3d00aedcbd2e"}]}],"versions":["version/3.3.6","version/3.3.6-post1","version/3.3.7","version/3.3.7-post1","version/3.3.7-post2","version/3.3.7-post3","version/3.4.0","version/3.5.0","version/3.5.1","version/3.5.2","version/3.5.3","version/3.6.0","version/3.6.1","version/3.7.0","version/3.7.1","version/3.8.0","version/4.0.2","version/4.0.3","version/4.0.4","version/4.1.0","version/4.2.0","version/4.3.0b1","version/4.3.0b2","version/4.3.0b3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24562.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}]}