Medium severity6.5NVD Advisory· Published May 14, 2024· Updated Apr 15, 2026

CVE-2024-34354

Description

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 into your fork.

Patches

7904d416d2c7

https://github.com/scosman/cmsaasstartervia osv

7904d416d2c7

https://github.com/CriticalMoments/CMSaasStartervia osv

commit PR #65

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/CriticalMoments/CMSaasStarter/commit/7904d416d2c72ec75f42fbf51e9e64fa74062ee6nvd
github.com/CriticalMoments/CMSaasStarter/pull/65nvd
github.com/CriticalMoments/CMSaasStarter/security/advisories/GHSA-qgcj-9rxf-rw7qnvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000