exploitDog

CVE-2024-38522

Опубликовано: 28 июн. 2024

Источник: nvd

CVSS3: 6.3

EPSS Низкий

Описание

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0.

Ссылки

https://github.com/scidsg/hushline/commit/2bbeae78a24ca2cd893f32a1812f5f6634cb21b6
Patch
https://github.com/scidsg/hushline/security/advisories/GHSA-r85c-95x7-4h7q
Exploit
Third Party Advisory
https://github.com/scidsg/hushline/commit/2bbeae78a24ca2cd893f32a1812f5f6634cb21b6
Patch
https://github.com/scidsg/hushline/security/advisories/GHSA-r85c-95x7-4h7q
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hushline:hush_line:*:*:*:*:*:*:*:*

Версия до 0.1.0 (исключая)

EPSS

Процентиль: 23%

0.00078

Низкий

6.3 Medium

CVSS3

Дефекты

CWE-183

CWE-697

EPSS

Процентиль: 23%

0.00078

Низкий

6.3 Medium

CVSS3

Дефекты

CWE-183

CWE-697