CVE-2024-47219

Sept. 26, 2024, 1:32 p.m.

Tags

cve@mitre.org
CWE-94
2024-09-22
CVE-2024-47219

Product(s) Impacted

NebulaGraph

  • up to 3.8.0

Description

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection.

Weaknesses

CWE-94
Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CWE ID: 94

Date

Published: Sept. 22, 2024, 1:15 a.m.

Last Modified: Sept. 26, 2024, 1:32 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://github.com/vesoft-inc/nebula/pull/5936
cve@mitre.org
https://github.com/vesoft-inc/nebula/pull/5936/commits/cd6c5976ccfe817b2e0a2d46227cd361bfefb45c
cve@mitre.org