CVE-2024-56799

10.0 CRITICAL

Published: December 30, 2024 Modified: April 15, 2026

Description

Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/TrueWinter/simofa/commit/1b04ba413a9c1d12a33dd50a32f67345c2fa6f2a

Source: security-advisories@github.com

https://github.com/TrueWinter/simofa/security/advisories/GHSA-83qw-5qq5-v7pq

Source: security-advisories@github.com

2 reference(s) from NVD

Quick Stats

CVSS v3 Score

10.0 / 10.0

EPSS (Exploit Probability)

0.1%

30th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-306

Related CVEs

CVE-2026-41113 8.1

CVE-2026-40308 N/A

CVE-2026-40249 N/A

CVE-2026-40248 N/A

CVE-2026-40247 N/A