Candy

**Name of the Vulnerable Software and Affected Versions** ThriveX Blogging Framework versions 2.5.9 through 3.1.3 **Description** An issue exists in the `AssistantController.java` file that allows unauthenticated attackers to obtain sensitive information, such as API Keys. The `/api/assistant/list` API endpoint is affected. The issue allows gaining access to sensitive information. **Recommendations** Update ThriveX Blogging Framework to a version later than 3.1.3.