CVE-2024-56799
CVE-2024-56799
10.0
CriticalPublished:
Last updated:
Source:security-advisories@github.com
Deferred
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Changed
- Confidentiality
- High
- Integrity
- High
- Availability
- None
Description
Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7.
References
security-advisories@github.com
https://github.com/TrueWinter/simofa/commit/1b04ba413a9c1d12a33dd50a32f67345c2fa6f2asecurity-advisories@github.com
https://github.com/TrueWinter/simofa/security/advisories/GHSA-83qw-5qq5-v7pq