PT-2024-28050 · Hush Line · Hush Line

Lsd-Cat · Published 2024-06-28 · Updated 2024-09-17 · CVE-2024-38522

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Hush Line versions prior to 0.1.0

Description

The Content Security Policy (CSP) applied on the tips.hushline.app website and bundled by default in the Hush Line repository is trivial to bypass. Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals.

Recommendations

For versions prior to 0.1.0, update to version 0.1.0 to resolve the issue. As a temporary workaround, consider reviewing and reinforcing the CSP policy to minimize the risk of exploitation.

Related Identifiers

CVE-2024-38522
GHSA-R85C-95X7-4H7Q

Affected Products

Hush Line