Lucene search

[email protected]CVE-2024-39313

HistoryJul 01, 2024 - 10:15 p.m.

CVE-2024-39313

2024-07-0122:15:03

CWE-200

[email protected]

web.nvd.nist.gov

toy-blog

content management system

vulnerability

disclosure

private visibility

upgrade

patch

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workarounds are available.

Affected configurations

Vulners

Node

kisaragieffectivetoy_blogRange0.5.4–0.6.1

CNA Affected

[
  {
    "vendor": "KisaragiEffective",
    "product": "toy-blog",
    "versions": [
      {
        "version": ">= 0.5.4, < 0.6.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/KisaragiEffective/toy-blog/commit/f13a45f68c9560124558e6bb445ad441a4cf4732

github.com/KisaragiEffective/toy-blog/security/advisories/GHSA-rf2q-5q4q-5fwr

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2024-39313

vulnrichment1 cvelist1 nvd1