Vulnerabilities > CVE-2024-39313 - Unspecified vulnerability in Toy-Blog Project Toy-Blog

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

toy-blog-project

NVD

Published: 2024-07-01

Updated: 2025-03-06

Summary

toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workarounds are available.

Vulnerable Configurations

Part	Description	Count
Application	Toy-Blog_Project TOY Blog Project TOY Blog *	1

References

https://github.com/KisaragiEffective/toy-blog/commit/f13a45f68c9560124558e6bb445ad441a4cf4732
https://github.com/KisaragiEffective/toy-blog/commit/f13a45f68c9560124558e6bb445ad441a4cf4732
https://github.com/KisaragiEffective/toy-blog/security/advisories/GHSA-rf2q-5q4q-5fwr
https://github.com/KisaragiEffective/toy-blog/security/advisories/GHSA-rf2q-5q4q-5fwr