CVE-2024-39313

Sažetak

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workarounds are available.

Reference

https://github.com/KisaragiEffective/toy-blog/commit/f13a45f68c9560124558e6bb445ad441a4cf4732
https://github.com/KisaragiEffective/toy-blog/security/advisories/GHSA-rf2q-5q4q-5fwr
https://github.com/KisaragiEffective/toy-blog/commit/f13a45f68c9560124558e6bb445ad441a4cf4732
https://github.com/KisaragiEffective/toy-blog/security/advisories/GHSA-rf2q-5q4q-5fwr

CVSS

Base:	6.5
Impact:	3.6
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

06-03-2025 - 14:24

Objavljeno

01-07-2024 - 22:15