CVE-2024-31411

Опубликовано: 17 июл. 2024

Источник: nvd

CVSS3: 8.8

CVSS3: 6

EPSS Низкий

Описание

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Ссылки

https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/07/16/10
https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*

Версия до 0.95.0 (исключая)

EPSS

Процентиль: 82%

0.01796

Низкий

8.8 High

CVSS3

6 Medium

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-6523-jf4r-c962

CVSS3: 8.8

github

больше 1 года назад

Apache StreamPipes has potential remote code execution (RCE) via file upload

EPSS

Процентиль: 82%

0.01796

Низкий

8.8 High

CVSS3

6 Medium

CVSS3

Дефекты

CWE-434