Published: 18 Mar 2024
Source: github
Github: Reviewed
CVSS4: 9.3
CVSS3: 9.8
Description
FitNesse allows execution of arbitrary OS commands
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands.
Packages
Name: org.fitnesse:fitnesse (maven)
Affected versions: <= 20240707
Fixed version: None
EPSS: 0.0051 (Low)
Percentile: 66%
CVSS4: 9.3 Critical
CVSS3: 9.8 Critical
CVE ID
Weaknesses: CWE-77, CWE-78
Related vulnerabilities
CVSS3: 9.8
nvd
almost 2 years ago
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation.