A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/didi/super-jacoco/issues/49 | Exploit Issue Tracking Third Party Advisory |
https://vuldb.com/?ctiid.283315 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.283315 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.432689 | Third Party Advisory VDB Entry |
Configurations
History
08 Nov 2024, 21:07
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 9.8 |
References | () https://github.com/didi/super-jacoco/issues/49 - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.283315 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?id.283315 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.432689 - Third Party Advisory, VDB Entry | |
First Time |
Didi
Didi super-jacoco |
|
CPE | cpe:2.3:a:didi:super-jacoco:1.0:*:*:*:*:*:*:* |
06 Nov 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-06 16:15
Updated : 2024-11-08 21:07
NVD link : CVE-2024-10919
Mitre link : CVE-2024-10919
CVE.ORG link : CVE-2024-10919
JSON object : View
Products Affected
didi
- super-jacoco