CVE-2024-24042
- Source
- https://cve.org/CVERecord?id=CVE-2024-24042
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24042.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-24042
- Aliases
- Published
- 2024-03-19T07:15:09.097Z
- Modified
- 2026-04-12T08:04:00.576699Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component.
- References
Affected packages
Git / github.com/ueaj-kerman/arrp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ueaj-kerman/arrp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/ueaj-kerman/arrp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24042.json"
vanir_signatures_modified
"2026-04-12T08:04:00Z"
vanir_signatures
[
{
"target": {
"file": "src/test/java/test/RRPPreTest.java"
},
"id": "CVE-2024-24042-2ca3d402",
"source": "https://github.com/ueaj-kerman/arrp/commit/7ea80db462c8bf66a0565e84fa49c1f2ecb9287b",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"156303282403943905558692888444192852503",
"93687705473999988973560996377988987772",
"213580746361505209026155417043751835230",
"290340903102340463538326395524160422532",
"275971354451233924108173567178944229652",
"253755492120496642504944600855353880705",
"177753134633381214876515088079828298959",
"68767942209307575907066076284291039386",
"193324512269284827062157164124057265623",
"114514006178859512638631431474415730111",
"40625661714427887460982156996514163429",
"25590748101079017766741202213374083236",
"207735767762306001334355604933116207642"
]
},
"signature_version": "v1"
},
{
"target": {
"file": "src/test/java/test/RRPPreTest.java",
"function": "main"
},
"id": "CVE-2024-24042-34cff03f",
"source": "https://github.com/ueaj-kerman/arrp/commit/7ea80db462c8bf66a0565e84fa49c1f2ecb9287b",
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 2367.0,
"function_hash": "381664525646903467431763584147565958"
},
"signature_version": "v1"
},
{
"target": {
"file": "src/main/java/net/devtech/arrp/impl/RuntimeResourcePackImpl.java",
"function": "write"
},
"id": "CVE-2024-24042-44bc9e73",
"source": "https://github.com/ueaj-kerman/arrp/commit/7ea80db462c8bf66a0565e84fa49c1f2ecb9287b",
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 523.0,
"function_hash": "51369072524188417061316166231937360893"
},
"signature_version": "v1"
},
{
"target": {
"file": "src/main/java/net/devtech/arrp/impl/RuntimeResourcePackImpl.java"
},
"id": "CVE-2024-24042-95bb152b",
"source": "https://github.com/ueaj-kerman/arrp/commit/7ea80db462c8bf66a0565e84fa49c1f2ecb9287b",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"152643010200525897383046500222142670874",
"106165349731854393744400221664498035586",
"63175273902996847938714157596462983000",
"257948540610188372314959888527700021809",
"246928414254965282716247982302616259380",
"212289575808754624957006788463471862884",
"178120654052026446053009711328944810804",
"142056000303700432568898834471312065223"
]
},
"signature_version": "v1"
},
{
"target": {
"file": "src/main/java/net/devtech/arrp/impl/RuntimeResourcePackImpl.java",
"function": "dumpDirect"
},
"id": "CVE-2024-24042-af045847",
"source": "https://github.com/ueaj-kerman/arrp/commit/7ea80db462c8bf66a0565e84fa49c1f2ecb9287b",
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 973.0,
"function_hash": "67402824737179656251066938906196122193"
},
"signature_version": "v1"
}
]