Unrated severityNVD Advisory· Published Jun 28, 2024· Updated Aug 2, 2024
CSP bypass in Hush Line
CVE-2024-38522
Description
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/scidsg/hushline/commit/2bbeae78a24ca2cd893f32a1812f5f6634cb21b6mitrex_refsource_MISC
- github.com/scidsg/hushline/security/advisories/GHSA-r85c-95x7-4h7qmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.