Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CSP bypass in Hush Line
Vulnerability Description
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
宽松定义的白名单
Vulnerability Title
Hush Line 安全漏洞
Vulnerability Description
Hush Line是免费开源匿名举报热线服务。 Hush Line存在安全漏洞,该漏洞源于在tips.hushline.app网站上应用的CSP策略很容易被绕过。
CVSS Information
N/A
Vulnerability Type
N/A