CVE-2024-9129

Oct. 23, 2024, 3:12 p.m.

Tags

CWE-134
security@puppet.com
2024-10-22
CVE-2024-9129

Product(s) Impacted

Zend Server

  • 8.5 and prior to 9.2

Description

In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino

Weaknesses

CWE-134
Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

CWE ID: 134

Date

Published: Oct. 22, 2024, 5:15 p.m.

Last Modified: Oct. 23, 2024, 3:12 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@puppet.com

References

https://portal.perforce.com/s/detail/a91PA000001SYZFYA4
security@puppet.com