cvedb.io
CVE-2024-43379
LOW · CVSS 3.4
EPSS exploitation probability: 0%
Published 2024-08-19T15:15:08.683 · Last modified 2026-06-17T07:50:54.977

Summary

TruffleHog is a secrets scanning tool. Prior to v3.81.9, a vulnerability allows a malicious actor to craft data that, when scanned by specific detectors, could trigger the detector to make an unauthorized request to an endpoint chosen by the attacker. For an exploit to be effective, the target endpoint must be an unauthenticated GET endpoint that produces side effects. For the exploit to succeed, the victim must scan the maliciously crafted data and the attacker must have targeted such an endpoint. The vulnerability has been resolved in TruffleHog v3.81.9 and later versions.

Affected products

trufflesecurity — trufflehog

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.