CVE-2024-52583

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-52583

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52583.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-52583

Aliases

GHSA-462m-5c66-4pmh

Published

2024-11-18T20:35:16Z

Modified

2025-10-21T02:34:56Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CVSS Calculator

Summary

WesHacks code includes links to Leostop tracking spyware infested files

Details

The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page schedule.html before 17 November 2024 or commit 93dfb83 contains links to Leostop, a site that hosts a malicious injected JavaScript file that occurs when bootstrap is run as well as jquery. Leostop may be a tracking malware and creates 2 JavaScript files, but little else is known about it. The WesHacks website remove all references to Leostop as of 17 November 2024.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_versions

[
    {
        "type": "",
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "93dfb83"
            }
        ]
    }
]