GHSA-vx8g-76pm-2x2x

Опубликовано: 20 фев. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 10

Описание

Loomio version 2.22.0 allows executing arbitrary commands on the server.

This is possible because the application is vulnerable to OS Command Injection.

Loomio version 2.22.0 allows executing arbitrary commands on the server.

This is possible because the application is vulnerable to OS Command Injection.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2024-1297
https://github.com/loomio/loomio/commit/6bc5429bfb5a9c7c811a4487d97ea54a8b23a0fa#diff-b9a7e6b3dfb0fd855c11198a7c53e6f6f90945f28c78cc5dbd960d04d5d28203
https://fluidattacks.com/advisories/stones
https://github.com/loomio/loomio

EPSS

Процентиль: 82%

0.01696

Низкий

10 Critical

CVSS3

CVE ID

CVE-2024-1297

Дефекты

CWE-78

CWE-94

Связанные уязвимости

CVE-2024-1297

CVSS3: 7.2

nvd

почти 2 года назад

Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.

EPSS

Процентиль: 82%

0.01696

Низкий

10 Critical

CVSS3

CVE ID

CVE-2024-1297

Дефекты

CWE-78

CWE-94