CVE-2024-5352

Опубликовано: 26 мая 2024

Источник: nvd

CVSS3: 6.3

CVSS3: 9.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266264.

Ссылки

https://github.com/anji-plus/report/files/15363269/aj-report.pdf
Exploit
https://github.com/anji-plus/report/issues/34
Broken Link
https://vuldb.com/?ctiid.266264
Permissions Required
VDB Entry
https://vuldb.com/?id.266264
Third Party Advisory
VDB Entry
https://github.com/anji-plus/report/files/15363269/aj-report.pdf
Exploit
https://github.com/anji-plus/report/issues/34
Broken Link
https://vuldb.com/?ctiid.266264
Permissions Required
VDB Entry
https://vuldb.com/?id.266264
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:anji-plus:aj-report:*:*:*:*:*:*:*:*

Версия до 1.4.1 (включая)

EPSS

Процентиль: 28%

0.00099

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502

EPSS

Процентиль: 28%

0.00099

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502