CVE-2024-30471

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-30471

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-30471.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-30471

Aliases

GHSA-2qph-v9p2-q2gv

Published

2024-07-17T09:15:02Z

Modified

2024-10-08T04:09:41.814730Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe's user management. This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

References

https://lists.apache.org/thread/8yodrmohgcybq900or3d4hc1msl230fr

Affected packages

Git / github.com/apache/streampipes

Affected ranges

Type: GIT
Repo: https://github.com/apache/streampipes
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

30cbd0bee6afb63e9378b76e46b89790dc6e5e32

Affected versions

0.*

0.60.0

0.60.1

0.61.0

0.62.0

0.63.0

0.64.0

0.65.0

release/0.*

release/0.66.0

version-0.*

version-0.55.1

version-0.55.2