GHSA-wccg-v638-j9q2

Source

https://github.com/advisories/GHSA-wccg-v638-j9q2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-wccg-v638-j9q2/GHSA-wccg-v638-j9q2.json

Aliases

• CVE-2024-33396

Published

2024-05-02T21:30:29Z

Modified

2024-05-03T20:43:32.675090Z

Summary

karmada vulnerable to arbitrary code execution via a crafted command

Details

An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-33396
• https://gist.github.com/HouqiyuA/2b56a893c06553013982836abb77ba50
• https://github.com/karmada-io/karmada