{"id":"CVE-2024-52871","details":"In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting.","modified":"2026-04-10T05:19:38.767884Z","published":"2024-11-17T04:15:03.973Z","references":[{"type":"FIX","url":"https://github.com/Flagsmith/flagsmith/pull/4454"},{"type":"FIX","url":"https://github.com/Flagsmith/flagsmith/compare/v2.134.0...v2.134.1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/flagsmith/flagsmith","events":[{"introduced":"0"},{"fixed":"a3368fe44e13770132ffbaa6bfd300869d67970a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.134.1"}]}}],"versions":["2.9.0","flagsmith-api-v2.67.0","flagsmith-docs-v2.66.2","flagsmith-frontend-v2.67.1","flagsmith-frontend-v2.69.0","v1.0.0","v1.0.1","v1.0.3","v1.1.2","v1.1.3","v1.1.5","v1.12.0","v1.3.2","v1.4.1","v1.9","v2.1.0","v2.10.3","v2.100.0","v2.100.1","v2.101.0","v2.102.0","v2.103.0","v2.103.1","v2.103.2","v2.103.3","v2.103.4","v2.104.0","v2.104.1","v2.105.0","v2.105.1","v2.106.0","v2.107.0","v2.107.1","v2.107.2","v2.107.3","v2.107.4","v2.108.0","v2.108.1","v2.109.0","v2.11.0","v2.11.1","v2.11.2","v2.11.3","v2.11.4","v2.11.5","v2.110.0","v2.110.1","v2.110.2","v2.111.0","v2.111.1","v2.112.0","v2.113.0","v2.114.0","v2.114.1","v2.115.0","v2.116.0","v2.116.1","v2.116.2","v2.116.3","v2.117.0","v2.117.1","v2.118.0","v2.118.1","v2.119.0","v2.119.1","v2.12.0","v2.120.0","v2.121.0","v2.122.0","v2.123.0","v2.123.1","v2.124.0","v2.124.1","v2.124.2","v2.125.0","v2.126.0","v2.127.0","v2.127.1","v2.128.0","v2.129.0","v2.13.0","v2.130.0","v2.131.0","v2.132.0","v2.133.0","v2.133.1","v2.134.0","v2.14.0","v2.14.2","v2.15.0","v2.16.0","v2.16.1","v2.16.2","v2.17.0","v2.18.0","v2.18.1","v2.18.2","v2.18.3","v2.18.4","v2.18.5","v2.18.6","v2.18.7","v2.19.0","v2.19.1","v2.19.2","v2.2.0","v2.20.0","v2.20.1","v2.20.2","v2.20.3","v2.20.4","v2.20.5","v2.21.0","v2.21.1","v2.21.2","v2.22.4","v2.22.5","v2.22.6","v2.23.0","v2.23.1","v2.23.2","v2.23.3","v2.23.4","v2.23.5","v2.23.6","v2.24.0","v2.24.1","v2.24.3","v2.25.0","v2.25.1","v2.26.0","v2.26.1","v2.26.2","v2.26.3","v2.26.4","v2.26.5","v2.27.0","v2.27.1","v2.27.2","v2.28.0","v2.28.1","v2.28.2","v2.28.3","v2.28.4","v2.29.0","v2.29.1","v2.29.2","v2.29.3","v2.29.4","v2.29.6","v2.29.7","v2.30.0","v2.30.1","v2.31.0","v2.32.0","v2.32.1","v2.32.2","v2.32.3","v2.32.4","v2.32.5","v2.32.6","v2.33.0","v2.34.0","v2.34.1","v2.34.2","v2.34.3","v2.35.0","v2.35.1","v2.35.2","v2.35.3","v2.35.4","v2.35.5","v2.36.0","v2.36.1","v2.36.2","v2.37.0","v2.37.1","v2.38.0","v2.38.1","v2.38.2","v2.39.0","v2.39.1","v2.39.2","v2.40.0","v2.40.1","v2.41.0","v2.42.0","v2.42.1","v2.43.0","v2.44.0","v2.44.1","v2.45.0","v2.46.0","v2.46.1","v2.47.0","v2.47.1","v2.47.2","v2.48.0","v2.48.1","v2.48.2","v2.48.3","v2.48.4","v2.48.5","v2.49.0","v2.49.1","v2.49.2","v2.49.3","v2.49.4","v2.5.0","v2.5.2","v2.5.4","v2.5.5","v2.50.0","v2.50.1","v2.50.2","v2.50.3","v2.51.0","v2.51.1","v2.51.2","v2.52.0","v2.53.0","v2.54.0","v2.55.0","v2.55.1","v2.56.0","v2.56.1","v2.57.0","v2.58.0","v2.58.1","v2.59.0","v2.59.1","v2.59.2","v2.59.3","v2.6.0","v2.61.0","v2.62.0","v2.62.1","v2.62.2","v2.62.3","v2.62.4","v2.62.5","v2.63.0","v2.63.1","v2.63.2","v2.63.3","v2.64.0","v2.64.1","v2.65.0","v2.66.0","v2.66.1","v2.66.2","v2.67.0","v2.68.0","v2.69.0","v2.69.1","v2.7.0","v2.7.2","v2.7.3","v2.7.4","v2.70.0","v2.70.1","v2.70.2","v2.71.0","v2.72.0","v2.72.1","v2.73.0","v2.73.1","v2.74.0","v2.75.0","v2.76.0","v2.77.0","v2.78.0","v2.79.0","v2.8.0","v2.8.1","v2.8.2","v2.8.3","v2.8.4","v2.8.5","v2.8.6","v2.8.7","v2.8.8","v2.8.9","v2.80.0","v2.81.0","v2.81.1","v2.82.0","v2.83.0","v2.84.0","v2.84.1","v2.84.2","v2.85.0","v2.86.0","v2.87.0","v2.88.0","v2.89.0","v2.9.1","v2.9.2","v2.9.4","v2.90.0","v2.91.0","v2.92.0","v2.93.0","v2.94.0","v2.95.0","v2.96.0","v2.97.0","v2.97.1","v2.98.0","v2.99.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52871.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}