exploitDog

CVE-2024-23054

Опубликовано: 05 фев. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).

Ссылки

http://plone.com
Not Applicable
http://ploneorg.com
Product
https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-23054/README.md
Exploit
Third Party Advisory
http://plone.com
Not Applicable
http://ploneorg.com
Product
https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-23054/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:plone:plone_docker_official_image:5.2.13:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03909

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-427

CWE-427

Связанные уязвимости

GHSA-34rx-mprw-whv5

CVSS3: 9.8

github

около 2 лет назад

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).

EPSS

Процентиль: 88%

0.03909

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-427

CWE-427