CVE-2024-27292

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
Configurations

No configuration.

History

21 Nov 2024, 09:04

Type Values Removed Values Added
Summary
  • (es) Docassemble es un sistema experto para entrevistas guiadas y montaje de documentos. La vulnerabilidad permite a los atacantes obtener acceso no autorizado a información del sistema mediante la manipulación de URL. Afecta a las versiones 1.4.53 a 1.4.96. La vulnerabilidad ha sido parcheada en la versión 1.4.97 de la rama maestra.
References () https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9 - () https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9 -
References () https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv - () https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv -

21 Mar 2024, 02:52

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-21 02:52

Updated : 2024-11-21 09:04


NVD link : CVE-2024-27292

Mitre link : CVE-2024-27292

CVE.ORG link : CVE-2024-27292


JSON object : View

Products Affected

No product.

CWE
CWE-706

Use of Incorrectly-Resolved Name or Reference