Lucene search

GitHub_MVULNRICHMENT:CVE-2024-39313

HistoryJul 01, 2024 - 9:23 p.m.

CVE-2024-39313 toy-blog Improper Input Validation vulnerability

2024-07-0121:23:38

CWE-200

GitHub_M

github.com

toy-blog; content management system; article visibility; input validation; upgrade; patch; vulnerability; cve-2024-39313; 0.5.4; 0.6.1; private visibility

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

JSON

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workarounds are available.

CNA Affected

[
  {
    "vendor": "KisaragiEffective",
    "product": "toy-blog",
    "versions": [
      {
        "status": "affected",
        "version": ">= 0.5.4, < 0.6.1"
      }
    ]
  }
]

References

github.com/KisaragiEffective/toy-blog/commit/f13a45f68c9560124558e6bb445ad441a4cf4732

github.com/KisaragiEffective/toy-blog/security/advisories/GHSA-rf2q-5q4q-5fwr

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

JSON

Related for VULNRICHMENT:CVE-2024-39313