CVE-2024-10141

Source
https://cve.org/CVERecord?id=CVE-2024-10141
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10141.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-10141
Published
2024-10-19T15:00:07.186Z
Modified
2026-07-15T01:48:53.068254396Z
Severity
  • 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
jsbroks COCO Annotator Session predictable state
Details

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Database specific
{
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-341"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/10xxx/CVE-2024-10141.json"
}
References

Affected packages

Git / github.com/jsbroks/coco-annotator

Affected ranges

Type
GIT
Repo
https://github.com/jsbroks/coco-annotator
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "0.11.1"
        },
        {
            "last_affected": "0.11.1"
        }
    ],
    "cpe": "cpe:2.3:a:jsbroks:coco_annotator:0.11.1:*:*:*:*:*:*:*"
}

Affected versions

0.*
0.11.1
v0.*
v0.11.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10141.json"