{"vulnerability": "CVE-2024-5258", "sightings": [{"uuid": "fe097e85-c95a-4bb8-9a06-ac15104684b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52582", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113510344782839735", "content": "", "creation_timestamp": "2024-11-19T15:33:28.339291Z"}, {"uuid": "4fa5ee20-835d-4e0d-8b0a-bccb95b2adf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52584", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113505930043842342", "content": "", "creation_timestamp": "2024-11-18T20:50:44.255046Z"}, {"uuid": "e58ef0c3-8453-4cee-aa68-5206af3e51c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52585", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113505930058010161", "content": "", "creation_timestamp": "2024-11-18T20:50:44.683826Z"}, {"uuid": "e972773e-f518-4698-8018-58e1d7c8afb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52581", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113517271415805462", "content": "", "creation_timestamp": "2024-11-20T20:55:00.434012Z"}, {"uuid": "6e8f238c-aaee-473f-9f1a-a3a1f1f8fe14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52589", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldooshw2mf2m", "content": "", "creation_timestamp": "2024-12-19T20:15:28.657186Z"}, {"uuid": "b2b4ce8c-cdd7-4710-8820-c9c100115ffb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52589", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113681106522415587", "content": "", "creation_timestamp": "2024-12-19T19:20:25.463883Z"}, {"uuid": "cab9fe68-6034-4943-a50b-446a52c83e63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52589", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113681119418009728", "content": "", "creation_timestamp": "2024-12-19T19:23:42.157143Z"}, {"uuid": "dbedbdfb-2c33-4ec4-ab01-40696261c3f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52589", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-15T13:28:31.000000Z"}, {"uuid": "6a9ae601-b63c-47b1-98c8-f5ee8156c960", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52588", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqciafjuwkn2", "content": "", "creation_timestamp": "2025-05-29T10:13:44.671813Z"}, {"uuid": "3e0ad152-e9d9-4f0e-acb5-1da92e7887bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52588", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqcp4xeomx2q", "content": "", "creation_timestamp": "2025-05-29T12:16:53.342127Z"}, {"uuid": "a5a2f98c-f4f9-40af-8c42-a55048c3b10d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52589", "type": "seen", "source": "https://t.me/cvedetector/13367", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52589 - Discourse Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52589 \nPublished : Dec. 19, 2024, 8:15 p.m. | 41\u00a0minutes ago \nDescription : Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users. \nSeverity: 2.2 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T22:20:48.000000Z"}, {"uuid": "7e254bdb-fc50-47b3-9881-1f6e86122f65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52589", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-16T03:45:01.000000Z"}, {"uuid": "44ae2c16-d2fa-457a-b4e6-b9fcd2acaf15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52587", "type": "seen", "source": "MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51", "content": "", "creation_timestamp": "2025-09-25T00:36:28.000000Z"}, {"uuid": "aca91e5d-ccb7-45d2-b584-22770109cd95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52582", "type": "seen", "source": "https://t.me/cvedetector/11454", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52582 - Cachi2 Command-Line Interface Tool Secret Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52582 \nPublished : Nov. 19, 2024, 4:15 p.m. | 16\u00a0minutes ago \nDescription : Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it's the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T17:38:41.000000Z"}, {"uuid": "e7a5b0c9-3ac2-4a96-9756-55340995ee7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52586", "type": "seen", "source": "https://t.me/cvedetector/12442", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52586 - eLabFTW Multifactor Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-52586 \nPublished : Dec. 9, 2024, 7:15 p.m. | 44\u00a0minutes ago \nDescription : eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally (by knowing or guessing the password of a user) can thus log in regardless of MFA requirements. This does not affect MFA that are performed by single sign-on services. Users are advised to upgrade to at least version 5.1.9 to receive a fix. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-09T21:24:07.000000Z"}, {"uuid": "42b48bd1-6e34-45fd-9b2e-be7c1dc9004a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52587", "type": "seen", "source": "https://t.me/cvedetector/11390", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52587 - StepSecurity's Harden-Runner Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52587 \nPublished : Nov. 18, 2024, 10:15 p.m. | 39\u00a0minutes ago \nDescription : StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under specific conditions. However, due to the current execution order of pre-steps in GitHub Actions and the placement of harden-runner as the first step in a job, the likelihood of exploitation is low as the Harden-Runner action reads the environment variable during the pre-step stage. There are no known exploits at this time. Version 2.10.2 contains a patch. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T00:04:43.000000Z"}, {"uuid": "b3ec92bf-9844-42ae-ba80-7f966ea47129", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52583", "type": "seen", "source": "https://t.me/cvedetector/11389", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52583 - WesHacks Muweilah Wesgreen Hackathon JavaScript Malware Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52583 \nPublished : Nov. 18, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript file that occurs when bootstrap is run as well as jquery. `Leostop` may be a tracking malware and creates 2 JavaScript files, but little else is known about it. The WesHacks website remove all references to `Leostop` as of 17 November 2024. \nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T23:14:38.000000Z"}, {"uuid": "0b727834-7308-4426-8759-b054ac3109af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52584", "type": "seen", "source": "https://t.me/cvedetector/11382", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52584 - Autolab Course Management Unauthorized Grade Modification\", \n  \"Content\": \"CVE ID : CVE-2024-52584 \nPublished : Nov. 18, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have the authorization level of a CA in the class in the endpoint, which is not necessarily the class the submission is attached to. Version 3.0.2 contains a patch. No known workarounds are available. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T23:14:28.000000Z"}, {"uuid": "e095f63a-14d1-4757-a2f8-841e91afd4b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52585", "type": "seen", "source": "https://t.me/cvedetector/11381", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52585 - Autolab HTML Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52585 \nPublished : Nov. 18, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing line 589 on `gradesheet.js.erb` to take in feedback as text rather than html. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T23:14:27.000000Z"}, {"uuid": "9022cb41-ed86-43c7-86dc-4d440a539fc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52581", "type": "seen", "source": "https://t.me/cvedetector/11665", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52581 - Litestar ASGI Multipart Form Parser Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-52581 \nPublished : Nov. 20, 2024, 9:15 p.m. | 41\u00a0minutes ago \nDescription : Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allows an attacker to upload arbitrary large files wrapped in a `multipart/form-data` request and cause excessive memory consumption on the server. The multipart form parser in affected versions is vulnerable to this type of attack by design. The public method signature as well as its implementation both expect the entire request body to be available as a single byte string. It is not possible to accept large file uploads in a safe way using this parser. This may be a regression, as a variation of this issue was already reported in CVE-2023-25578. Limiting the part number is not sufficient to prevent out-of-memory errors on the server. A patch is available in version 2.13.0. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-20T22:57:18.000000Z"}]}