CVE-2024-38522

medium

Description

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0.

References

https://github.com/scidsg/hushline/security/advisories/GHSA-r85c-95x7-4h7q

https://github.com/scidsg/hushline/commit/2bbeae78a24ca2cd893f32a1812f5f6634cb21b6

Details

Source: Mitre, NVD

Published: 2024-06-28

Updated: 2024-09-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: Medium

EPSS

EPSS: 0.00157