14 matches found
CVE-2024-39314
toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...
EUVD-2024-37897
Malicious code in bioql PyPI...
CVE-2024-39313
toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...
CVE-2024-39314 toy-blog administrative token leaked through the command line parameter
toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...
CVE-2024-39314 toy-blog administrative token leaked through the command line parameter
toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...
CVE-2024-39314 toy-blog administrative token leaked through the command line parameter
toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...
CVE-2024-39313 toy-blog Improper Input Validation vulnerability
toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...
CVE-2024-39313 toy-blog Improper Input Validation vulnerability
toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...
CVE-2024-39313
Summary: CVE-2024-39313 affects toy-blog before 0.6.1, where articles with private visibility could be read without providing credentials. The root cause is improper access control for private posts. Impact is unauthorized disclosure of private content (permitted read is described as the primary ...
CVE-2024-39313 toy-blog Improper Input Validation vulnerability
toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...
toy-blog Security Breach
toy-blog is a CMS system by the individual developer Kisaragi. A security vulnerability exists in toy-blog versions prior to 0.4.3 to 0.5.0, which stems from the disclosure of the administrative password via a command line parameter...
toy-blog Security Breach
toy-blog is a CMS system by the individual developer Kisaragi. A security vulnerability exists in toy-blog versions prior to 0.5.4 through 0.6.1, which stems from the ability to read articles with private visibility if the reader does not set the requested credentials...
PT-2024-28437 · Toy-Blog · Toy-Blog
Name of the Vulnerable Software and Affected Versions: toy-blog versions 0.5.4 through 0.6.0 Description: The issue allows articles with private visibility to be read without proper credentials. This can lead to unauthorized access to sensitive information. Users are advised to upgrade to a newer...
PT-2024-28438 · Toy-Blog · Toy-Blog
Name of the Vulnerable Software and Affected Versions: toy-blog versions 0.4.3 through 0.4.14 toy-blog versions prior to 0.4.14 Description: The administrative password is leaked through the command line parameter. This issue was patched in version 0.5.0. Recommendations: For versions 0.4.14 and...