CVE-2024-10264 Information

Description

HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access bypassing security controls session hijacking data leakage and potentially arbitrary code execution.

Reference

https://huntr.com/bounties/988247d5-fd60-4d85-845a-e867d62c0d02