PT-2024-36602 · Hush Line · Hush Line

Evilaliv3 · Published 2024-12-12 · Updated 2024-12-13 · CVE-2024-55888

CVSS v3.1: 7.1 High

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Hush Line versions 0.1.0 through 0.3.4

Description

Hush Line is an open-source whistleblower management system. The production server was misconfigured: it lacked a content security policy and security headers, which could allow cross-site scripting filters to be bypassed.

Recommendations

For versions 0.1.0 through 0.3.4, update to version 0.3.5 to resolve the issue. As a temporary workaround until the update to version 0.3.5 is applied, consider implementing a content security policy and adding security headers on the production server.

Exploit

Fix

Clickjacking

Weakness Enumeration

Related Identifiers

CVE-2024-55888
GHSA-M592-G8QV-HRQX

Affected Products

Hush Line