CVE-2024-1920

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-1920
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1920.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-1920
Published
2024-02-27T14:15:27Z
Modified
2025-01-15T05:05:12.910617Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to the use of a hard-coded cryptographic key. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254855.

References

Affected packages

Git / github.com/osuuu/lightpicture

Affected ranges

Type
GIT
Repo
https://github.com/osuuu/lightpicture
Events

Affected versions

v1.*

v1.2.0
v1.2.1
v1.2.2