CVE-2024-23538

Source
https://cve.org/CVERecord?id=CVE-2024-23538
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23538.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-23538
Published
2024-03-29T14:37:40.374Z
Modified
2026-07-15T02:10:55.171436694Z
Severity
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L CVSS Calculator
Summary
Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.
Details

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5.

Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.

Database specific
{
    "cna_assigner": "apache",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "1.8.5"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23538.json"
}
References

Affected packages

Git / github.com/apache/fineract

Affected ranges

Type
GIT
Repo
https://github.com/apache/fineract
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.9.0"
        }
    ],
    "cpe": "cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*"
}

Affected versions

1.*
1.0.0
1.1.0
1.2.0
1.3.0
1.5.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23538.json"