Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms.

Affected Packages

Packagist ssddanbrown/bookstack

Affected versions: 0 (fixed in 24.05.1)

Related CVEs

CVE-2024-36676

Key Information

GHSA ID

GHSA-pj36-fcrg-327j

Published

July 10, 2024 12:30 AM

Last Modified

July 10, 2024 4:51 PM

CVSS Score

7.5 /10

Primary Ecosystem

Packagist

Primary Package

ssddanbrown/bookstack

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.