CVE-2024-56799

Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/TrueWinter/simofa/commit/1b04ba413a9c1d12a33dd50a32f67345c2fa6f2a
https://github.com/TrueWinter/simofa/security/advisories/GHSA-83qw-5qq5-v7pq

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Simofa es una herramienta que ayuda a automatizar la creación y la implementación de sitios web estáticos. Antes de la versión 0.2.7, debido a un error de diseño en la clase RouteLoader, algunas rutas de API podían ser de acceso público cuando deberían requerir autenticación. Esta vulnerabilidad se ha corregido en la versión v0.2.7.

30 Dec 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-30 19:15

Updated : 2026-06-17 08:12

NVD link : CVE-2024-56799

Mitre link : CVE-2024-56799

CVE.ORG link : CVE-2024-56799

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2024-56799", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-56799", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2024-12-30T23:13:45.864254Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 3.9}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "TrueWinter", "product": "simofa", "versions": [{"status": "affected", "version": "< 0.2.7"}]}]}], "published": "2024-12-30T19:15:08.160", "references": [{"url": "https://github.com/TrueWinter/simofa/commit/1b04ba413a9c1d12a33dd50a32f67345c2fa6f2a", "source": "security-advisories@github.com"}, {"url": "https://github.com/TrueWinter/simofa/security/advisories/GHSA-83qw-5qq5-v7pq", "source": "security-advisories@github.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7."}, {"lang": "es", "value": "Simofa es una herramienta que ayuda a automatizar la creaci\u00f3n y la implementaci\u00f3n de sitios web est\u00e1ticos. Antes de la versi\u00f3n 0.2.7, debido a un error de dise\u00f1o en la clase RouteLoader, algunas rutas de API pod\u00edan ser de acceso p\u00fablico cuando deber\u00edan requerir autenticaci\u00f3n. Esta vulnerabilidad se ha corregido en la versi\u00f3n v0.2.7."}], "lastModified": "2026-06-17T08:12:59.843", "sourceIdentifier": "security-advisories@github.com"}