High severity 7.5 · OSV Advisory · Published Jul 9, 2024 · Updated Apr 15, 2026
CVE-2024-36676
Description
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ssddanbrown/bookstack (Packagist) | < 24.05.1 | 24.05.1 |
Affected products (2)
- Range: 0.7.2, v.0.7.1, v0.10.0, …
References (7)
- github.com/advisories/GHSA-pj36-fcrg-327j (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-36676 (ghsa, ADVISORY)
- github.com/BookStackApp/BookStack/commit/69af9e0dbdefd8c6c951e8afbe2bba141d454beb (ghsa, WEB)
- github.com/BookStackApp/BookStack/issues/4993 (nvd, WEB)
- github.com/BookStackApp/BookStack/releases/tag/v24.05.1 (nvd, WEB)
- www.bookstackapp.com/blog/bookstack-release-v24-05-1 (ghsa, WEB)
- www.bookstackapp.com/blog/bookstack-release-v24-05-1/ (nvd)