Home > Vulnerability Database > CVE-2024-34354

Mend.io Vulnerability Database

CVE-2024-34354

Date: May 9, 2024

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 into your fork.

Language: TYPE_SCRIPT

Severity Score

6.5

Related Resources (5)

Url: https://github.com/CriticalMoments/CMSaasStarter/security/advisories/GHSA-qgcj-9rxf-rw7q

Url: https://github.com/CriticalMoments/CMSaasStarter/commit/7904d416d2c72ec75f42fbf51e9e64fa74062ee6

Url: https://github.com/CriticalMoments/CMSaasStarter/pull/65

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34354

Url: https://www.mend.io/vulnerability-database/CVE-2024-34354

Severity Score

6.5

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-34354

Date: May 9, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?