
CVE-2024-29178

July 18, 2024, 2:15 p.m.

Product(s) Impacted

UNKNOWN

Description

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in remote code execution on the server. The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4.

Weaknesses

CWE-94
Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CWE ID: 94

Date

Published: July 18, 2024, 12:15 p.m.

Last Modified: July 18, 2024, 2:15 p.m.

Status: Undergoing Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

security@apache.org

References

http://www.openwall.com/ security@apache.org

https://lists.apache.org/ security@apache.org