Vulnerability in Xemle Home-gallery

CVE-2024-53276

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, an open CORS policy in app.js may allow an attacker to view the images of home-gallery when it is using the default sett…

EPSS: 0.001 (26.0th percentile) — read the EPSS interpretation.

Affected products

Xemle Home-gallery — versions <= 1.15.0

Weakness classification (CWE)

CWE-942 — Permissive Cross-domain Policy with Untrusted Domains

References

https://securitylab.github.com/advisories/GHSL-2024-091_GHSL-2024-092_home-gallery/ (x_refsource_CONFIRM)
https://github.com/xemle/home-gallery/blob/v1.15.0/packages/server/src/app.js#L45 (x_refsource_MISC)