exploitDog

CVE-2024-21855

Опубликовано: 21 нояб. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1962
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1962
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mayuresh82:gocast:1.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00304

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-c6qm-82c6-q92v

CVSS3: 9.8

github

около 1 года назад

A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

EPSS

Процентиль: 53%

0.00304

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-306