CVE-2024-29178

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server. The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2024/07/18/1 | Mailing List, Third Party Advisory |
| https://lists.apache.org/thread/n6dhnl68knpxy80t35qxkkw2691l8sfn | Mailing List, Vendor Advisory |
Configurations

Configuration 1

cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*

History

10 Sep 2024, 13:59

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Apache streampark; Apache |
| CPE | | cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:* |
| References | () http://www.openwall.com/lists/oss-security/2024/07/18/1 - | () http://www.openwall.com/lists/oss-security/2024/07/18/1 - Mailing List, Third Party Advisory |
| References | () https://lists.apache.org/thread/n6dhnl68knpxy80t35qxkkw2691l8sfn - | () https://lists.apache.org/thread/n6dhnl68knpxy80t35qxkkw2691l8sfn - Mailing List, Vendor Advisory |

01 Aug 2024, 13:49

| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 8.8 |
| Summary | | (es) On versions before 2.1.4, a user could log in and perform a template injection attack resulting in remote code execution on the server. The attacker had to successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4 |

18 Jul 2024, 14:15

| Type | Values Removed | Values Added |
|---|---|---|
| References | | () http://www.openwall.com/lists/oss-security/2024/07/18/1 - |

18 Jul 2024, 12:28

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-07-18 12:15

Updated : 2024-09-10 13:59


NVD link : CVE-2024-29178

Mitre link : CVE-2024-29178

CVE.ORG link : CVE-2024-29178


Products Affected

apache

  • streampark
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')