CVE-2024-38522

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:hushline:hush_line:*:*:*:*:*:*:*:*

History

17 Sep 2024, 19:06

Type Values Removed Values Added
References () https://github.com/scidsg/hushline/commit/2bbeae78a24ca2cd893f32a1812f5f6634cb21b6 - () https://github.com/scidsg/hushline/commit/2bbeae78a24ca2cd893f32a1812f5f6634cb21b6 - Patch
References () https://github.com/scidsg/hushline/security/advisories/GHSA-r85c-95x7-4h7q - () https://github.com/scidsg/hushline/security/advisories/GHSA-r85c-95x7-4h7q - Exploit, Third Party Advisory
CPE cpe:2.3:a:hushline:hush_line:*:*:*:*:*:*:*:*
First Time Hushline
Hushline hush Line
CWE CWE-697

01 Jul 2024, 12:37

Type Values Removed Values Added
Summary
  • (es) Hush Line es una línea de sugerencias anónimas como servicio, gratuita y de código abierto para organizaciones o individuos. Es fácil omitir la política de CSP aplicada en el sitio web `tips.hushline.app` e incluida de forma predeterminada en este repositorio. Esta vulnerabilidad ha sido parcheada en la versión 0.1.0.

28 Jun 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-28 17:15

Updated : 2024-09-17 19:06


NVD link : CVE-2024-38522

Mitre link : CVE-2024-38522

CVE.ORG link : CVE-2024-38522


JSON object : View

Products Affected

hushline

  • hush_line
CWE
CWE-697

Incorrect Comparison

CWE-183

Permissive List of Allowed Inputs