CVE-2024-29672

Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 allows a remote attacker to execute arbitrary code via the DEBUG_RTC_REQUEST_SYNC_DATA in KeyCallbacks.kt.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed
https://github.com/zly2006/reden-is-what-we-made/commit/44c5320f0a1ccaa764dd91df6a12e747f81fe63a
https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed
https://github.com/zly2006/reden-is-what-we-made/commit/44c5320f0a1ccaa764dd91df6a12e747f81fe63a

Configurations

No configuration.

History

21 Nov 2024, 09:08

Type	Values Removed	Values Added
References	~~() https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed -~~	() https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed -
References	~~() https://github.com/zly2006/reden-is-what-we-made/commit/44c5320f0a1ccaa764dd91df6a12e747f81fe63a -~~	() https://github.com/zly2006/reden-is-what-we-made/commit/44c5320f0a1ccaa764dd91df6a12e747f81fe63a -

16 Aug 2024, 15:35

Type	Values Removed	Values Added
CWE		CWE-22
Summary		(es) Vulnerabilidad de Directory Traversal en zly2006 Reden anterior a v.0.2.514 permite a un atacante remoto ejecutar código arbitrario a través de DEBUG_RTC_REQUEST_SYNC_DATA en KeyCallbacks.kt.

05 Apr 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-05 06:15

Updated : 2024-11-21 09:08

NVD link : CVE-2024-29672

Mitre link : CVE-2024-29672

CVE.ORG link : CVE-2024-29672

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

8.8 /10