CVE-2024-34354

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-34354

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34354.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-34354

Aliases

GHSA-qgcj-9rxf-rw7q

Published

2024-05-09T14:51:41Z

Modified

2025-11-04T19:32:01Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

CMSaasStarter: JWT Token Not Verified on Server Session

Details

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 into your fork.

Database specific

{
    "cwe_ids": [
        "CWE-345"
    ]
}

References

Affected packages

Git / github.com/criticalmoments/cmsaasstarter

Affected ranges

Type: GIT
Repo: https://github.com/criticalmoments/cmsaasstarter
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7904d416d2c72ec75f42fbf51e9e64fa74062ee6