CVE-2024-56799
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-56799
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56799.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-56799
- Aliases
-
- GHSA-83qw-5qq5-v7pq
- Published
- 2024-12-30T18:20:00.532Z
- Modified
- 2025-12-01T22:16:05.751105Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS Calculator
- Summary
- Simofa Allows Unauthenticated Access to API Routes
- Details
-
Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56799.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-306" ] }- References
Affected packages
Git / github.com/truewinter/simofa
Affected ranges
- Type
- GIT
- Repo
- https://github.com/truewinter/simofa
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.0.1
v0.0.10
v0.0.11
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"source": "https://github.com/truewinter/simofa/commit/1b04ba413a9c1d12a33dd50a32f67345c2fa6f2a",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-56799-ea36551e",
"target": {
"file": "manager/src/main/java/dev/truewinter/simofa/RouteLoader.java"
},
"digest": {
"line_hashes": [
"271990681721788945417332146982914257256",
"97802811860830377711857455727650656257",
"67967178021522545245719112865559282275",
"200334095809583980185328391285175040916",
"184490978857228457655132358932019612830",
"319758767641608463628646910012839841684",
"209283143662888555397635954518016175639",
"157467729973863148773343305087323257127",
"81967451117081996734375108783062731484",
"279835860272447169491711006066316255897",
"237477073483422869711792644078593743392",
"300240121126839313982220248025935598537",
"129107504101698726886100791697206982071",
"234503932275998983061737663533600817046",
"2906661635526798463529332768957673198",
"235355276569885127839702914622695439481",
"178600187291767764088840574072445484165",
"152438981089372110718398758998378559672",
"317521427043656494953386816292812975459",
"45897664131244194297459476984941361587",
"303810781807704303772331278000028802664",
"186075266035991842276052557302242629346",
"35310424599304735457469301928453619095",
"34439210998587538507647106061410332088",
"173999483533960934572485592499192988579",
"80562627023932915370262979157763014719",
"48969981165312241695645570167591925055",
"47066446936832406415054110344992234496",
"158076509818811324633676646435448141178",
"338491756742518412126220402521578543284",
"199229707567369238775421823948737856175",
"198309686375932314447558462598466092333",
"74271833257886849191600738255495003657",
"178285226016543030450667719904299725889",
"309099542924063399241185629612454096605",
"137397644703050022376516119267897846108",
"332059371719905749142518090267954377814",
"50830758493399955826058494999312044412",
"172897470060049557062253268399393155199",
"242488783416763299723892035097642793532",
"104999733923731408645109956577995483018",
"213079821718765682442040213780452874555",
"259225666703866219072313401287886921451",
"163799220650143686662260313104953712954",
"167855804936371011506911426864780888492",
"221540621724429969611709121077141543025",
"325752980034300935241590345121988758608",
"275372029805151667437289163816735239225",
"79857656579781679713873665099933085318",
"61801820583630237611726078588787804133",
"328273908510965946044327860484453284118",
"291461606088621526739714996146881261124",
"206623367721581852506015367120797356738",
"119809350847334348697981520306688554749",
"14124584731893942730747684212542687579",
"116453098147884029984292380139212836879",
"214647422227694655094057663992602465929",
"76443890348642935172307909984836041369",
"256123812701570206399932811372337918836",
"24346753962429070153291100683587502040",
"338033967281263050898148629638724937757",
"240754559948447280121613909696513130659",
"273416192838995655505865522540045824103",
"136583575097031250830647052163516829173",
"254999214495837073065255631598722611307",
"317855638915282941428318276310870499349",
"278654577980689382966659960128892847270",
"193525511567231236334192541808977348965",
"280997915241874912256055201963008808837",
"108587633537507210242609878158511307392",
"107657454540815153019027881970500676509",
"37105976962211107476012604044288574522",
"67191706326051481053221757614309418014",
"121844410768600158799023436887400896579",
"333785620501958667254339059489728037470",
"194689434306406487821437816302822139858",
"158710915930618047668154875761590022025",
"157619034314239122429593544349077034481",
"273764400885708689509616130678090978388",
"199023094855260150338827979545227565866",
"69566978381528450638454097625970837890",
"273152200221261392481895278589419911179",
"303321595177967149568712833159884988541",
"241819199824903595261595359033131455486",
"54396312459839846288649275417632697093",
"189557548135469483343063814774066776518",
"13883188273485396206707095533612617972",
"155506163326540110770682027813152145133",
"267066238097122876138314594178416015020",
"130219020423690673969478133759487044999",
"79857656579781679713873665099933085318",
"230321028079476895406611920534460950890",
"120552375783756548647182556637050039452",
"144500569139840644006417443646246455221",
"184726678296601081164720082093760857746",
"124546239361510076803508111473256454869",
"234588422769955644012319810777984032701",
"74600864353527838840117982118795964440",
"179550429826456766595068763859257966370",
"199095544364983966458256563724985547020",
"171016056354417274276387226007012661336",
"68790988416086991223005708853430365212",
"56116383358322649948866834469241046747",
"103888673098480052697874820730389051834",
"291258587485498647016099324738107168379",
"124823532593503490187686367927317009101",
"23836887551227309070515607929284610308",
"227882476456840938786215052398333288104",
"220187499229947364265667358683691796673",
"323039582863015189544645895054342423664",
"193622758550303786562289722029444066171",
"159004452392572785746018138579711600716",
"143617653620972103143333577567673611143",
"165015544836424297916022909565782439110",
"272927512581092213435204966099009426334",
"36074551197553665802252991365410378160",
"49716553158709776650166458724035128609",
"54670027091982030250975495233696617875",
"70065238400776888487704769779690739318",
"14999956634761774109152660752445452214",
"193161917210582678038772454371474753784",
"92598656292405767494035906057833220301",
"55831698676797276459643615390932016686",
"11479018726506497584560753198052304033",
"146641868373993387215934512543664090750",
"221329890309916667247280509632094026346",
"175056032558633866879707044925897002207",
"152585504006473572327466204846405808672",
"298242051542138373218884260291434323565",
"316576305396626539834875136127963945401",
"270487362631229331294535616000245473005",
"228013527885305175654301813846983396312",
"122668839215328898509576047701079997078",
"149526811145952080382934183642211491432",
"240121056462875487050769782577862349381",
"89885805981521835129600259958413298683",
"52054784286069442811648140195453462316",
"268145286280833265408320337096025104596",
"222085827302775101788807176878049384902"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"source": "https://github.com/truewinter/simofa/commit/1b04ba413a9c1d12a33dd50a32f67345c2fa6f2a",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-56799-fca4165f",
"target": {
"file": "manager/src/main/java/dev/truewinter/simofa/RouteLoader.java",
"function": "load"
},
"digest": {
"length": 1465.0,
"function_hash": "329587084090325387852404054900266904451"
}
}
]