{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T14:15:29.547","vulnerabilities":[{"cve":{"id":"CVE-2024-56516","sourceIdentifier":"security-advisories@github.com","published":"2024-12-30T17:15:09.687","lastModified":"2026-06-17T08:12:16.937","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no longer considered secure for password storage or transmission. It is vulnerable to collision attacks and can be easily cracked using modern hardware, exposing user credentials to potential compromise. As of time of publication, a replacement for MD5 has not been committed to the free-one-api GitHub repository."},{"lang":"es","value":"free-one-api permite a los usuarios acceder a grandes librerías de ingeniería inversa de modelos de lenguaje a través del formato estándar de API de OpenAI. En versiones hasta la 1.0.1 incluida, se utiliza MD5 para codificar las contraseñas antes de enviarlas al backend. MD5 es un algoritmo de codificación criptográficamente defectuoso y ya no se considera seguro para el almacenamiento o la transmisión de contraseñas. Es vulnerable a ataques de colisión y se puede descifrar fácilmente con hardware moderno, lo que expone las credenciales de los usuarios a un posible riesgo. Al momento de la publicación, no se ha enviado un reemplazo para MD5 al repositorio de GitHub de free-one-api."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RockChinQ","product":"free-one-api","versions":[{"version":"<= 1.0.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-12-30T16:48:13.058983Z","id":"CVE-2024-56516","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-328"}]}],"references":[{"url":"https://github.com/RockChinQ/free-one-api/blob/4d6ee42ffbb224b95be32c26cabc28d54d01bf78/web/src/main.js#L15","source":"security-advisories@github.com"},{"url":"https://github.com/RockChinQ/free-one-api/security/advisories/GHSA-36cc-58vm-wm4h","source":"security-advisories@github.com"}]}}]}