CVE-2024-39313 — MEDIUM (6.5)

Q: How severe is CVE-2024-39313?

CVE-2024-39313 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-39313?

Check the references section above for vendor advisories and patch information. Affected products include: Toy-Blog Project Toy-Blog.

Vulnerability Description

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workarounds are available.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Toy-Blog Project	Toy-Blog	>= 0.5.4, < 0.6.1

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2024-39313?

CVE-2024-39313 is a vulnerability with a CVSS score of 6.5 (MEDIUM). toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentia...

How severe is CVE-2024-39313?

CVE-2024-39313 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-39313?

Check the references section above for vendor advisories and patch information. Affected products include: Toy-Blog Project Toy-Blog.