CVE-2024-55224

Опубликовано: 09 янв. 2025

Источник: nvd

CVSS3: 9.6

EPSS Низкий

Описание

An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message.

Ссылки

https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4
Release Notes
https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5
Release Notes
https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dani-garcia:vaultwarden:*:*:*:*:*:*:*:*

Версия до 1.32.5 (исключая)

EPSS

Процентиль: 66%

0.00524

Низкий

9.6 Critical

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-55224

CVSS3: 9.6

debian

около 1 года назад

An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows ...

GHSA-g5x8-v2ch-gj2g

github