What is CVE-2024-39313?

CVE-2024-39313 is a medium-severity vulnerability in Kisaragieffective Toy-blog, classified under Information Disclosure. CVSS score: 6.5/10. Published 2024-07-01.

How severe is CVE-2024-39313?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Information disclosure in Kisaragieffective Toy-blog

CVE-2024-39313

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrad…

Vulnerability class: Information Disclosure

EPSS: 0.005 (67.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Kisaragieffective Toy-blog — versions >= 0.5.4, < 0.6.1

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/KisaragiEffective/toy-blog/security/advisories/GHSA-rf2q-5q4q-5fwr (x_refsource_CONFIRM)
https://github.com/KisaragiEffective/toy-blog/commit/f13a45f68c9560124558e6bb445ad441a4cf4732 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-39313?: CVE-2024-39313 is a medium-severity vulnerability in Kisaragieffective Toy-blog, classified under Information Disclosure. CVSS score: 6.5/10. Published 2024-07-01.
How severe is CVE-2024-39313?: Medium severity. CVSS v3 base score is 6.5 out of 10.