Flagsmith/flagsmith

Releases525

Frequency5 days 13 hours

Last Release 3 days ago

Stars6.4K

Flagsmith is an open source feature flagging and remote config service. Self-host or use our hosted version at https://app.flagsmith.com.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-52872 ↗	Nov 17, 2024Sunday, 17 November 2024, 04:15	7.5 HIGH	—
In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions.
CVE-2024-52871 ↗	Nov 17, 2024Sunday, 17 November 2024, 04:15	7.5 HIGH	—
In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting.