CVE-2024-27292

Source
https://cve.org/CVERecord?id=CVE-2024-27292
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27292.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-27292
Aliases
Published
2024-02-29T21:56:39.897Z
Modified
2026-07-08T06:13:36.575306609Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Docassemble unauthorized access through URL manipulation
Details

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27292.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-706"
    ]
}
References

Affected packages

Git / github.com/jhpyle/docassemble

Affected ranges

Type
GIT
Repo
https://github.com/jhpyle/docassemble
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:jhpyle:docassemble:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.4.53"
        },
        {
            "fixed": "1.4.97"
        }
    ]
}

Affected versions

v1.*
v1.4.53
v1.4.54
v1.4.55
v1.4.56
v1.4.57
v1.4.58
v1.4.59
v1.4.60
v1.4.61
v1.4.62
v1.4.63
v1.4.64
v1.4.65
v1.4.66
v1.4.67
v1.4.68
v1.4.69
v1.4.70
v1.4.71
v1.4.72
v1.4.73
v1.4.74
v1.4.75
v1.4.76
v1.4.77
v1.4.78
v1.4.79
v1.4.80
v1.4.81
v1.4.82
v1.4.83
v1.4.84
v1.4.85
v1.4.86
v1.4.87
v1.4.88
v1.4.89
v1.4.90
v1.4.91
v1.4.92
v1.4.93
v1.4.94
v1.4.95
v1.4.96

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27292.json"