CVE-2024-47180

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47180
Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version < `server-2024-09-25` are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. This vulnerability would allow any user with access to make a request to a URL on the instance to the ability to execute code by crafting a malicious JSONPath expression. All users who self-host an instance are vulnerable. This problem was fixed in server-2024-09-25. Those who follow the tagged releases should update to `server-2024-09-25` or later. Those who follow the rolling tag on DockerHub, `docker pull shieldsio/shields:next` to update to the latest version. As a workaround, blocking access to the endpoints `/badge/dynamic/json`, `/badge/dynamic/toml`, and `/badge/dynamic/yaml` (e.g: via a firewall or reverse proxy in front of your instance) would prevent the exploitable endpoints from being accessed.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/badges/shields/commit/ec1b6c8daccda075403c1688ac02603f7aaa50b2
https://github.com/badges/shields/issues/10553
https://github.com/badges/shields/pull/10551
https://github.com/badges/shields/security/advisories/GHSA-rxvx-x284-4445
Configurations

No configuration.

History

30 Sep 2024, 12:46

Type Values Removed Values Added
Summary
  • (es) Shields.io es un servicio para insignias concisas, consistentes y legibles en formato SVG y raster. Shields.io y los usuarios que alojan por sí mismos su propia instancia de escudos usando la versión &lt; `server-2024-09-25` son vulnerables a una vulnerabilidad de ejecución remota a través de la librería JSONPath utilizada por las insignias Dynamic JSON/Toml/Yaml. Esta vulnerabilidad permitiría a cualquier usuario con acceso hacer una solicitud a una URL en la instancia con la capacidad de ejecutar código mediante la creación de una expresión JSONPath maliciosa. Todos los usuarios que alojan por sí mismos una instancia son vulnerables. Este problema se solucionó en server-2024-09-25. Aquellos que siguen las versiones etiquetadas deben actualizar a `server-2024-09-25` o posterior. Aquellos que siguen la etiqueta continua en DockerHub, `docker pull shieldsio/shields:next` para actualizar a la última versión. Como workaround, bloquear el acceso a los endpoints `/badge/dynamic/json`, `/badge/dynamic/toml` y `/badge/dynamic/yaml` (por ejemplo: a través de un firewall o proxy inverso frente a su instancia) evitaría que se acceda a los endpoints explotables.

26 Sep 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-26 20:15

Updated : 2024-09-30 12:46

NVD link : CVE-2024-47180

Mitre link : CVE-2024-47180

CVE.ORG link : CVE-2024-47180

JSON object : View

Products Affected

No product.

CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024