CVE-2024-8374

{"id": "CVE-2024-8374", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-09-03T10:15:06.483", "references": [{"url": "https://github.com/Ultimaker/Cura/commit/285a241eb28da3188c977f85d68937c0dad79c50", "tags": ["Patch"], "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Secondary", "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). The vulnerability arises from improper handling of the drop_to_buildplate property within 3MF files, which are ZIP archives containing the model data. When a 3MF file is loaded in Cura, the value of the drop_to_buildplate property is passed to the Python eval() function without proper sanitization, allowing an attacker to execute arbitrary code by crafting a malicious 3MF file. This vulnerability poses a significant risk as 3MF files are commonly shared via 3D model databases."}, {"lang": "es", "value": "Las versiones 5.7.0-beta.1 a 5.7.2 del segmentador de datos UltiMaker Cura son vulnerables a la inyecci\u00f3n de c\u00f3digo a trav\u00e9s del lector de formato 3MF (/plugins/ThreeMFReader.py). La vulnerabilidad surge del manejo inadecuado de la propiedad drop_to_buildplate dentro de los archivos 3MF, que son archivos ZIP que contienen los datos del modelo. Cuando se carga un archivo 3MF en Cura, el valor de la propiedad drop_to_buildplate se pasa a la funci\u00f3n eval() de Python sin la desinfecci\u00f3n adecuada, lo que permite que un atacante ejecute c\u00f3digo arbitrario mediante la creaci\u00f3n de un archivo 3MF malicioso. Esta vulnerabilidad plantea un riesgo significativo, ya que los archivos 3MF se comparten com\u00fanmente a trav\u00e9s de bases de datos de modelos 3D."}], "lastModified": "2024-09-16T16:44:42.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ultimaker:ultimaker_cura:5.7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB92243F-31BA-4020-A14D-354230251254"}, {"criteria": "cpe:2.3:a:ultimaker:ultimaker_cura:5.7.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28239F08-C811-4286-810D-CA5CCAADA3BE"}, {"criteria": "cpe:2.3:a:ultimaker:ultimaker_cura:5.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9150AD1A-1B73-488F-BE15-504E91E69102"}, {"criteria": "cpe:2.3:a:ultimaker:ultimaker_cura:5.7.2:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2BEA10C-907D-4B91-B08F-CEA364CBB9EC"}, {"criteria": "cpe:2.3:a:ultimaker:ultimaker_cura:5.8.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AC88948-923C-4604-81BE-815410DA96D5"}, {"criteria": "cpe:2.3:a:ultimaker:ultimaker_cura:5.8.0:beta1_rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A32F58EA-6F2A-4006-8FCA-F725724CB7B5"}, {"criteria": "cpe:2.3:a:ultimaker:ultimaker_cura:5.8.0:beta1_rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C591DCBA-75E4-4967-A588-4DE17BE330BA"}], "operator": "OR"}]}], "sourceIdentifier": "596c5446-0ce5-4ba2-aa66-48b3b757a647"}