MidnightBSD

Advisories for flagsmith

CVE-2024-52871

In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting.

Products Affected

Vendor Product Version
flagsmith flagsmith *
CVE-2024-52872

In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions.

Products Affected

Vendor Product Version
flagsmith flagsmith *