CVE-2024-39313

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-39313
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39313.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-39313
Related
  • GHSA-rf2q-5q4q-5fwr
Published
2024-07-01T22:15:03Z
Modified
2025-03-10T22:53:15.318253Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workarounds are available.

Affected packages

Git / github.com/kisaragieffective/toy-blog

Affected ranges

Type
GIT
Repo
https://github.com/kisaragieffective/toy-blog
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

0.*

0.4.10
0.4.11
0.4.12
0.4.13
0.4.14
0.4.15
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4