CVE-2024-31411

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-31411

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31411.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-31411

Aliases

GHSA-6523-jf4r-c962

Published

2024-07-17T10:15:01Z

Modified

2024-10-08T04:10:06.898920Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

References

https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt

Affected packages

Git / github.com/apache/streampipes

Affected ranges

Type: GIT
Repo: https://github.com/apache/streampipes
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

30cbd0bee6afb63e9378b76e46b89790dc6e5e32

Affected versions

0.*

0.60.0

0.60.1

0.61.0

0.62.0

0.63.0

0.64.0

0.65.0

release/0.*

release/0.66.0

version-0.*

version-0.55.1

version-0.55.2