toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, in version 0.4.14 or later, add `--read-bearer-token-from-stdin` to the launch arguments and feed the token through standard input. Earlier versions do not have this workaround.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-07-01T21:33:54.000Z
Updated: 2024-08-02T04:19:20.704Z
Reserved: 2024-06-21T18:15:22.261Z
Link: CVE-2024-39314
Vulnrichment
Updated: 2024-07-03T20:20:27.765Z
NVD
Status: Awaiting Analysis
Published: 2024-07-01T22:15:03.900
Modified: 2024-07-02T12:09:16.907
Link: CVE-2024-39314
Redhat
No data.