The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server.
The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which would send such a malicious request to the locally launched server.
References
Link | Resource |
---|---|
https://cert.pl/en/posts/2024/06/CVE-2024-4748 | Third Party Advisory |
https://cert.pl/posts/2024/06/CVE-2024-4748 | Third Party Advisory |
https://github.com/jan-vandenberg/cruddiy/issues/67 | Issue Tracking |
Configurations
History
26 Jun 2024, 14:07
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CWE | CWE-78 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
J11g cruddiy
J11g |
|
References | () https://cert.pl/en/posts/2024/06/CVE-2024-4748 - Third Party Advisory | |
References | () https://cert.pl/posts/2024/06/CVE-2024-4748 - Third Party Advisory | |
References | () https://github.com/jan-vandenberg/cruddiy/issues/67 - Issue Tracking | |
CPE | cpe:2.3:a:j11g:cruddiy:*:*:*:*:*:*:*:* |
24 Jun 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-24 14:15
Updated : 2024-06-26 14:07
NVD link : CVE-2024-4748
Mitre link : CVE-2024-4748
CVE.ORG link : CVE-2024-4748
JSON object : View
Products Affected
j11g
- cruddiy