CVE-2024-45505

{"id": "CVE-2024-45505", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-11-18T09:15:05.870", "references": [{"url": "https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/h8k14o1bfyod66p113pkgnt1s52p6p19", "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/11/16/4", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).\n\nThis vulnerability can only be exploited by authorized attackers.\nThis issue affects Apache HertzBeat (incubating): before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando ('Inyecci\u00f3n de comandos') en Apache HertzBeat (en incubaci\u00f3n). Esta vulnerabilidad solo puede ser explotada por atacantes autorizados. Este problema afecta a Apache HertzBeat (en incubaci\u00f3n): versiones anteriores a la 1.6.1. Se recomienda a los usuarios que actualicen a la versi\u00f3n 1.6.1, que soluciona el problema."}], "lastModified": "2024-11-21T09:37:51.947", "sourceIdentifier": "security@apache.org"}