{"id":"CVE-2024-55500","details":"Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine.","aliases":["GHSA-gg6x-448q-pqqm"],"modified":"2026-04-10T05:22:22.269858Z","published":"2024-12-10T19:15:31.020Z","references":[{"type":"FIX","url":"https://github.com/avwo/whistle/commit/d1b8ca275dc4e453bd2efed392c0fd4b92f73cdf"},{"type":"ARTICLE","url":"https://www.sonarsource.com/blog/never-underestimate-csrf-why-origin-reflection-is-a-bad-idea/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/avwo/whistle","events":[{"introduced":"0"},{"fixed":"d1b8ca275dc4e453bd2efed392c0fd4b92f73cdf"}]}],"versions":["v0.10.0","v0.10.1","v0.10.2","v0.11.0","v0.11.1","v0.11.2","v0.11.3","v0.11.4","v0.12.2","v0.12.3","v1.0.0","v1.0.1","v1.0.3","v1.0.4","v1.1.0","v1.1.1","v1.1.2","v1.10.1","v1.10.10","v1.10.2","v1.10.3","v1.10.4","v1.10.5","v1.10.6","v1.10.8","v1.10.9","v1.11.0","v1.11.1","v1.11.2","v1.11.3","v1.11.4","v1.12.0","v1.12.1","v1.12.10","v1.12.11","v1.12.12","v1.12.13","v1.12.14","v1.12.15","v1.12.16","v1.12.17","v1.12.2","v1.12.3","v1.12.4","v1.12.5","v1.12.6","v1.12.7","v1.12.8","v1.12.9","v1.13.0","v1.13.1","v1.13.10","v1.13.11","v1.13.12","v1.13.13","v1.13.14","v1.13.15","v1.13.16","v1.13.17","v1.13.18","v1.13.2","v1.13.21","v1.13.22","v1.13.23","v1.13.24","v1.13.25","v1.13.26","v1.13.27","v1.13.28","v1.13.3","v1.13.4","v1.13.5","v1.13.6","v1.13.7","v1.13.8","v1.13.9","v1.14.0","v1.14.1","v1.14.10","v1.14.4","v1.14.5","v1.14.6","v1.14.7","v1.14.8","v1.14.9","v1.15.0","v1.15.1","v1.15.10","v1.15.11","v1.15.12","v1.15.13","v1.15.14","v1.15.15","v1.15.16","v1.15.2","v1.15.3","v1.15.4","v1.15.5","v1.15.7","v1.15.8","v1.15.9","v1.16.0","v1.16.1","v1.16.10","v1.16.11","v1.16.12","v1.16.13","v1.16.2","v1.16.3","v1.16.4","v1.16.5","v1.16.6","v1.16.7","v1.16.8","v1.16.9","v1.17.0","v1.17.1","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.2.5","v1.2.6","v1.3.0","v1.3.1","v1.3.10","v1.3.11","v1.3.12","v1.3.13","v1.3.14","v1.3.15","v1.3.16","v1.3.17","v1.3.18","v1.3.19","v1.3.2","v1.3.20","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v1.4.0","v1.4.1","v1.4.10","v1.4.11","v1.4.12","v1.4.13","v1.4.14","v1.4.15","v1.4.16","v1.4.17","v1.4.18","v1.4.19","v1.4.2","v1.4.20","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.4.8","v1.4.9","v1.5.1","v1.5.10","v1.5.11","v1.5.12","v1.5.14","v1.5.15","v1.5.16","v1.5.17","v1.5.18","v1.5.3","v1.5.4","v1.5.5","v1.5.6","v1.5.7","v1.5.8","v1.5.9","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.7.0","v1.7.1","v1.7.3","v1.8.0","v1.8.1","v1.8.2","v1.8.3","v1.8.4","v1.8.5","v1.8.6","v1.8.7","v1.8.8","v1.8.9","v1.9.0","v1.9.1","v1.9.10","v1.9.11","v1.9.12","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.9","v2.0.0","v2.1.0","v2.1.1","v2.1.2","v2.1.3","v2.2.0","v2.2.1","v2.2.2","v2.2.3","v2.2.4","v2.3.0","v2.3.1","v2.3.2","v2.3.3","v2.3.4","v2.3.5","v2.3.7","v2.4.0","v2.4.1","v2.4.10","v2.4.11","v2.4.12","v2.4.14","v2.4.15","v2.4.17","v2.4.2","v2.4.3","v2.4.4","v2.4.5","v2.4.6","v2.4.7","v2.4.8","v2.4.9","v2.5.0","v2.5.1","v2.5.10","v2.5.11","v2.5.12","v2.5.13","v2.5.14","v2.5.15","v2.5.16","v2.5.17","v2.5.18","v2.5.19","v2.5.2","v2.5.20","v2.5.21","v2.5.22","v2.5.23","v2.5.24","v2.5.25","v2.5.26","v2.5.27","v2.5.28","v2.5.29","v2.5.3","v2.5.30","v2.5.31","v2.5.32","v2.5.5","v2.5.6","v2.5.7","v2.5.8","v2.5.9","v2.6.0","v2.6.1","v2.6.10","v2.6.11","v2.6.12","v2.6.13","v2.6.14","v2.6.15","v2.6.16","v2.6.2","v2.6.3","v2.6.4","v2.6.5","v2.6.6","v2.6.7","v2.6.8","v2.6.9","v2.7.0","v2.7.1","v2.7.10","v2.7.11","v2.7.12","v2.7.13","v2.7.14","v2.7.15","v2.7.16","v2.7.17","v2.7.18","v2.7.19","v2.7.2","v2.7.20","v2.7.21","v2.7.22","v2.7.23","v2.7.24","v2.7.25","v2.7.26","v2.7.27","v2.7.28","v2.7.29","v2.7.3","v2.7.4","v2.7.5","v2.7.6","v2.7.7","v2.7.8","v2.7.9","v2.8.0","v2.8.1","v2.8.10","v2.8.2","v2.8.3","v2.8.4","v2.8.5","v2.8.6","v2.8.7","v2.8.8","v2.8.9","v2.9.0","v2.9.1","v2.9.10","v2.9.11","v2.9.12","v2.9.13","v2.9.14","v2.9.15","v2.9.16","v2.9.17","v2.9.18","v2.9.19","v2.9.2","v2.9.20","v2.9.21","v2.9.22","v2.9.23","v2.9.25","v2.9.26","v2.9.27","v2.9.28","v2.9.29","v2.9.3","v2.9.30","v2.9.31","v2.9.32","v2.9.33","v2.9.34","v2.9.35","v2.9.36","v2.9.37","v2.9.38","v2.9.39","v2.9.4","v2.9.40","v2.9.41","v2.9.42","v2.9.43","v2.9.44","v2.9.45","v2.9.46","v2.9.47","v2.9.48","v2.9.5","v2.9.50","v2.9.51","v2.9.52","v2.9.53","v2.9.54","v2.9.55","v2.9.56","v2.9.57","v2.9.58","v2.9.59","v2.9.6","v2.9.60","v2.9.61","v2.9.62","v2.9.63","v2.9.64","v2.9.65","v2.9.66","v2.9.67","v2.9.68","v2.9.69","v2.9.7","v2.9.70","v2.9.71","v2.9.72","v2.9.73","v2.9.74","v2.9.75","v2.9.76","v2.9.77","v2.9.78","v2.9.8","v2.9.80","v2.9.81","v2.9.82","v2.9.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55500.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}