CVE-2024-39313

Опубликовано: 01 июл. 2024

Источник: nvd

CVSS3: 6.5

CVSS3: 5.3

EPSS Низкий

Описание

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workarounds are available.

Ссылки

https://github.com/KisaragiEffective/toy-blog/commit/f13a45f68c9560124558e6bb445ad441a4cf4732
Patch
https://github.com/KisaragiEffective/toy-blog/security/advisories/GHSA-rf2q-5q4q-5fwr
Vendor Advisory
https://github.com/KisaragiEffective/toy-blog/commit/f13a45f68c9560124558e6bb445ad441a4cf4732
Patch
https://github.com/KisaragiEffective/toy-blog/security/advisories/GHSA-rf2q-5q4q-5fwr
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:toy-blog_project:toy-blog:*:*:*:*:*:*:*:*

Версия от 0.5.4 (включая) до 0.6.1 (исключая)

EPSS

Процентиль: 66%

0.00518

Низкий

6.5 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

EPSS

Процентиль: 66%

0.00518

Низкий

6.5 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo