Lucene search

K
cvelistGitHub_MCVELIST:CVE-2024-39313
HistoryJul 01, 2024 - 9:23 p.m.

CVE-2024-39313 toy-blog Improper Input Validation vulnerability

2024-07-0121:23:38
CWE-200
GitHub_M
www.cve.org
3
toy-blog
content management system
improper input validation
vulnerability
cve-2024-39313
patch
upgrade

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.2%

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workarounds are available.

CNA Affected

[
  {
    "vendor": "KisaragiEffective",
    "product": "toy-blog",
    "versions": [
      {
        "version": ">= 0.5.4, < 0.6.1",
        "status": "affected"
      }
    ]
  }
]

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.2%

Related for CVELIST:CVE-2024-39313