toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass `--read-bearer-token-from-stdin` to the launch arguments and feed the token from the standard input in version 0.4.14 or later. Earlier versions do not have this workaround.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-01T21:33:54.000Z

Updated: 2024-08-02T04:19:20.704Z

Reserved: 2024-06-21T18:15:22.261Z

Link: CVE-2024-39314

cve-icon Vulnrichment

Updated: 2024-07-03T20:20:27.765Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-01T22:15:03.900

Modified: 2024-07-02T12:09:16.907

Link: CVE-2024-39314

cve-icon Redhat

No data.