{"id":"CVE-2024-56799","summary":"Simofa Allows Unauthenticated Access to API Routes","details":"Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7.","aliases":["GHSA-83qw-5qq5-v7pq"],"modified":"2026-04-12T10:53:59.952262Z","published":"2024-12-30T18:20:00.532Z","database_specific":{"cwe_ids":["CWE-306"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56799.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56799.json"},{"type":"ADVISORY","url":"https://github.com/TrueWinter/simofa/security/advisories/GHSA-83qw-5qq5-v7pq"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56799"},{"type":"FIX","url":"https://github.com/TrueWinter/simofa/commit/1b04ba413a9c1d12a33dd50a32f67345c2fa6f2a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/truewinter/simofa","events":[{"introduced":"0"},{"fixed":"1b04ba413a9c1d12a33dd50a32f67345c2fa6f2a"}]}],"versions":["v0.0.1","v0.0.10","v0.0.11","v0.0.2","v0.0.3","v0.0.4","v0.0.5","v0.0.6","v0.0.7","v0.0.8","v0.0.9","v0.1.0","v0.1.1","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.2.0","v0.2.1","v0.2.2","v0.2.3","v0.2.4","v0.2.5","v0.2.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56799.json","vanir_signatures_modified":"2026-04-12T10:53:59Z","vanir_signatures":[{"signature_type":"Line","id":"CVE-2024-56799-ea36551e","digest":{"threshold":0.9,"line_hashes":["271990681721788945417332146982914257256","97802811860830377711857455727650656257","67967178021522545245719112865559282275","200334095809583980185328391285175040916","184490978857228457655132358932019612830","319758767641608463628646910012839841684","209283143662888555397635954518016175639","157467729973863148773343305087323257127","81967451117081996734375108783062731484","279835860272447169491711006066316255897","237477073483422869711792644078593743392","300240121126839313982220248025935598537","129107504101698726886100791697206982071","234503932275998983061737663533600817046","2906661635526798463529332768957673198","235355276569885127839702914622695439481","178600187291767764088840574072445484165","152438981089372110718398758998378559672","317521427043656494953386816292812975459","45897664131244194297459476984941361587","303810781807704303772331278000028802664","186075266035991842276052557302242629346","35310424599304735457469301928453619095","34439210998587538507647106061410332088","173999483533960934572485592499192988579","80562627023932915370262979157763014719","48969981165312241695645570167591925055","47066446936832406415054110344992234496","158076509818811324633676646435448141178","338491756742518412126220402521578543284","199229707567369238775421823948737856175","198309686375932314447558462598466092333","74271833257886849191600738255495003657","178285226016543030450667719904299725889","309099542924063399241185629612454096605","137397644703050022376516119267897846108","332059371719905749142518090267954377814","50830758493399955826058494999312044412","172897470060049557062253268399393155199","242488783416763299723892035097642793532","104999733923731408645109956577995483018","213079821718765682442040213780452874555","259225666703866219072313401287886921451","163799220650143686662260313104953712954","167855804936371011506911426864780888492","221540621724429969611709121077141543025","325752980034300935241590345121988758608","275372029805151667437289163816735239225","79857656579781679713873665099933085318","61801820583630237611726078588787804133","328273908510965946044327860484453284118","291461606088621526739714996146881261124","206623367721581852506015367120797356738","119809350847334348697981520306688554749","14124584731893942730747684212542687579","116453098147884029984292380139212836879","214647422227694655094057663992602465929","76443890348642935172307909984836041369","256123812701570206399932811372337918836","24346753962429070153291100683587502040","338033967281263050898148629638724937757","240754559948447280121613909696513130659","273416192838995655505865522540045824103","136583575097031250830647052163516829173","254999214495837073065255631598722611307","317855638915282941428318276310870499349","278654577980689382966659960128892847270","193525511567231236334192541808977348965","280997915241874912256055201963008808837","108587633537507210242609878158511307392","107657454540815153019027881970500676509","37105976962211107476012604044288574522","67191706326051481053221757614309418014","121844410768600158799023436887400896579","333785620501958667254339059489728037470","194689434306406487821437816302822139858","158710915930618047668154875761590022025","157619034314239122429593544349077034481","273764400885708689509616130678090978388","199023094855260150338827979545227565866","69566978381528450638454097625970837890","273152200221261392481895278589419911179","303321595177967149568712833159884988541","241819199824903595261595359033131455486","54396312459839846288649275417632697093","189557548135469483343063814774066776518","13883188273485396206707095533612617972","155506163326540110770682027813152145133","267066238097122876138314594178416015020","130219020423690673969478133759487044999","79857656579781679713873665099933085318","230321028079476895406611920534460950890","120552375783756548647182556637050039452","144500569139840644006417443646246455221","184726678296601081164720082093760857746","124546239361510076803508111473256454869","234588422769955644012319810777984032701","74600864353527838840117982118795964440","179550429826456766595068763859257966370","199095544364983966458256563724985547020","171016056354417274276387226007012661336","68790988416086991223005708853430365212","56116383358322649948866834469241046747","103888673098480052697874820730389051834","291258587485498647016099324738107168379","124823532593503490187686367927317009101","23836887551227309070515607929284610308","227882476456840938786215052398333288104","220187499229947364265667358683691796673","323039582863015189544645895054342423664","193622758550303786562289722029444066171","159004452392572785746018138579711600716","143617653620972103143333577567673611143","165015544836424297916022909565782439110","272927512581092213435204966099009426334","36074551197553665802252991365410378160","49716553158709776650166458724035128609","54670027091982030250975495233696617875","70065238400776888487704769779690739318","14999956634761774109152660752445452214","193161917210582678038772454371474753784","92598656292405767494035906057833220301","55831698676797276459643615390932016686","11479018726506497584560753198052304033","146641868373993387215934512543664090750","221329890309916667247280509632094026346","175056032558633866879707044925897002207","152585504006473572327466204846405808672","298242051542138373218884260291434323565","316576305396626539834875136127963945401","270487362631229331294535616000245473005","228013527885305175654301813846983396312","122668839215328898509576047701079997078","149526811145952080382934183642211491432","240121056462875487050769782577862349381","89885805981521835129600259958413298683","52054784286069442811648140195453462316","268145286280833265408320337096025104596","222085827302775101788807176878049384902"]},"target":{"file":"manager/src/main/java/dev/truewinter/simofa/RouteLoader.java"},"deprecated":false,"source":"https://github.com/truewinter/simofa/commit/1b04ba413a9c1d12a33dd50a32f67345c2fa6f2a","signature_version":"v1"},{"signature_type":"Function","id":"CVE-2024-56799-fca4165f","digest":{"length":1465,"function_hash":"329587084090325387852404054900266904451"},"target":{"file":"manager/src/main/java/dev/truewinter/simofa/RouteLoader.java","function":"load"},"deprecated":false,"source":"https://github.com/truewinter/simofa/commit/1b04ba413a9c1d12a33dd50a32f67345c2fa6f2a","signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"}]}