CVE-2024-49368

Oct. 21, 2024, 5:15 p.m.

Tags

CWE-20
security-advisories@github.com
2024-10-21
CVE-2024-49368

Product(s) Impacted

Nginx UI

  • before 2.0.0-beta.36

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue.

Weaknesses

CWE-20
Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE ID: 20

Date

Published: Oct. 21, 2024, 5:15 p.m.

Last Modified: Oct. 21, 2024, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

References

https://github.com/0xJacky/nginx-ui/releases/tag/v2.0.0-beta.36
security-advisories@github.com
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-66m6-27r9-77vm
security-advisories@github.com