CVE-2024-31987
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-31987
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31987.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-31987
- Aliases
- Published
- 2024-04-10T20:32:39Z
- Modified
- 2025-10-28T04:13:09.918231Z
- Severity
-
- 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- XWiki Platform remote code execution from account via custom skins support
- Details
-
XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading.
- Database specific
{ "cwe_ids": [ "CWE-862" ] }- References
-
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cv55-v6rw-7r5v
- https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39
- https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2
- https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56
- https://jira.xwiki.org/browse/XWIKI-21478
Affected packages
Git / github.com/xwiki/xwiki-commons
Git / github.com/xwiki/xwiki-platform
Affected ranges
- Type
- GIT
- Repo
- https://github.com/xwiki/xwiki-platform
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
xwiki-application-calendar-1.*
xwiki-application-calendar-1.0
xwiki-platform-7.*
xwiki-platform-7.3-milestone-2
xwiki-platform-7.4-milestone-1
xwiki-platform-7.4-milestone-2
xwiki-platform-8.*
xwiki-platform-8.0-milestone-1
xwiki-platform-8.0-milestone-2
xwiki-platform-8.1-milestone-1
xwiki-platform-8.1-milestone-2
xwiki-platform-8.2-milestone-1
xwiki-platform-8.2-milestone-2
xwiki-platform-8.3-milestone-1
xwiki-platform-9.*
xwiki-platform-9.9-rc-2
xwiki-plugin-tag-1.*
xwiki-plugin-tag-1.1
Database specific
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-31987-10b8f3d7",
"signature_version": "v1",
"digest": {
"line_hashes": [
"137853416719674353210414497559944909550",
"29166595586466143103290196561440396701",
"27962313427399586723936632709943560085",
"256602814203605410997848562226010996092",
"20891093493143598683422580089758695620",
"246948114122229911501923503621690942778",
"257800635591331744963526281334040823813",
"232721121624111824347346902109381141409",
"283902169196506932145782277596687939963",
"43350383026324345258909145540658872837",
"288481945063506707654037642543444402335",
"19359971952024800086096917848019133123",
"38555795804391231521577314644363903348",
"248858750669232818607523658186131547694",
"256043208940901677539325613281629194094",
"275129746972808441404563126035076464653",
"291343476049516903506262767240809956031",
"29112383532272486362096947541614266282",
"46670543324398585527025919486585779178",
"206879769686165570987372372110071845213",
"233125043463828079831024165736977871827",
"83665135677302594411080651264654605882",
"59110861701862327351111331854595026310",
"242817595383101308654778698879593696536",
"250690583252921574947386381536366755858",
"156947290257827847506102438162283668751",
"48600620016886288935767489940222850873",
"212194744068313242852282593223118373242",
"183678169844810441324270296001642602863",
"234775404429131672491972892041251701540",
"328931988403073289216047863200579885308",
"170829821206102114707666228136867378007",
"182150473780783403154450371122631960618",
"20482770512612178433846187280203976728",
"299734484642803094469214152485819484676",
"194817626647339646289695144400547956918",
"285864611570211588971109270161430802174",
"147988173249519946810905120890342298814",
"198910306559555278211298200516159393430",
"42760891683971998287500769432715366986",
"115530886466485088881368146656473384501",
"167812098765061358105392079751263162680",
"326901514594706765838770395612453711691",
"200018349619111549302700167258585310659",
"237768029738789413331296782650036114808",
"101166768989053146758293026463071802175",
"145965635385160748808947245500740468380",
"55966831038664951465217684911425052219",
"247594967892303130582032956717670850205",
"308428030406836490943042034541208962590",
"323848967580160165588074489465599972641",
"127939232685986239390258508648685365507",
"108233995559823381944880056704543602398",
"160363620122574886795292745732104991569",
"295031596098470114845769359430997257509",
"185035514504899756877064709211743844978"
],
"threshold": 0.9
},
"source": "https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/com/xpn/xwiki/render/DefaultVelocityManagerTest.java"
}
},
{
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-31987-3b1f305d",
"signature_version": "v1",
"digest": {
"length": 208.0,
"function_hash": "262623925310122088733525421671336960898"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/com/xpn/xwiki/render/DefaultVelocityManagerTest.java",
"function": "before"
}
},
{
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-31987-547d130b",
"signature_version": "v1",
"digest": {
"line_hashes": [
"121174310181390275505445698797136895927",
"34277736140161489015399361147067544819",
"62272166128129828382412913215595601786",
"196587760379148431648075823904787700796",
"91853146859998432910540865310362986967",
"261424991849316478252519792546739575338",
"173522166365887956399539705725348815325",
"202926890028522163323965623485987388910",
"270950634505058574568372137923300237742",
"267181163087622272183991553613107421354",
"226234234689986636015272235405739996359",
"219092182023209890479233969766072077076",
"194796617679597203510197970585330548183",
"34828799062158409010146374856063607623",
"111560819602575128186820906339342542748",
"6266893581983332832947165293665400346",
"163158097088658351790255152068046505298",
"173245891586540734638410780692483388793",
"155386555607749928410348859563366146886",
"216768724898797790209777897586225504724",
"55082930528018415316176065733635317906",
"287184087156972020729609464502334183414",
"316299248106577100104346869917591732288",
"16039172261634809689032683717431004334",
"315191601900379609454448759297063845659",
"78159838874145134555454881515346451130"
],
"threshold": 0.9
},
"source": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/org/xwiki/internal/velocity/XWikiVelocityManager.java"
}
},
{
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-31987-6340940f",
"signature_version": "v1",
"digest": {
"length": 948.0,
"function_hash": "26108116625947527575579528426580159908"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/render/DefaultVelocityManager.java",
"function": "getVelocityEngine"
}
},
{
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-31987-6d2b0314",
"signature_version": "v1",
"digest": {
"line_hashes": [
"146189731071989536956798340880196739902",
"310739239447028098765105671234380534316",
"52009712935517825132501529274369789293",
"261157546600156828182316179212332491513",
"91853146859998432910540865310362986967",
"261424991849316478252519792546739575338",
"316663541752993777931184136781387515778",
"114981041546970049580100935714772728675",
"299777750658626943246928267322202800439",
"159825362872999615020258580671290465893",
"193290101297679604748099444679964533397",
"199399517114900949874998702069195480429",
"85819947157801412237260019660837452295",
"103298764609852117631469825659443142617",
"93133123945916339308890628700092340460",
"257198679223990047655778131818938498740",
"33784898049962599526334342451421762483",
"94290706179367357699112962178868440750",
"174017238389561423526619868877073546889",
"36185742351135053116766244355600114844",
"276897831259542004261052799457512799280",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
},
"source": "https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/render/DefaultVelocityManager.java"
}
},
{
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-31987-6fccefba",
"signature_version": "v1",
"digest": {
"length": 530.0,
"function_hash": "327394700977745032445853822043186284772"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/org/xwiki/internal/velocity/XWikiVelocityManager.java",
"function": "initialize"
}
},
{
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-31987-7c603acb",
"signature_version": "v1",
"digest": {
"length": 468.0,
"function_hash": "91915450805051259588401646404838816441"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/org/xwiki/internal/velocity/XWikiVelocityManager.java",
"function": "injectBaseMacros"
}
},
{
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-31987-7ebf93eb",
"signature_version": "v1",
"digest": {
"length": 178.0,
"function_hash": "220906803712991933718914799329010703331"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/org/xwiki/internal/velocity/XWikiVelocityManagerTest.java",
"function": "beforeEach"
}
},
{
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-31987-80d9641c",
"signature_version": "v1",
"digest": {
"line_hashes": [
"146189731071989536956798340880196739902",
"310739239447028098765105671234380534316",
"52009712935517825132501529274369789293",
"261157546600156828182316179212332491513",
"91853146859998432910540865310362986967",
"261424991849316478252519792546739575338",
"316663541752993777931184136781387515778",
"114981041546970049580100935714772728675",
"299777750658626943246928267322202800439",
"159825362872999615020258580671290465893",
"193290101297679604748099444679964533397",
"199399517114900949874998702069195480429",
"85819947157801412237260019660837452295",
"103298764609852117631469825659443142617",
"93133123945916339308890628700092340460",
"257198679223990047655778131818938498740",
"33784898049962599526334342451421762483",
"94290706179367357699112962178868440750",
"174017238389561423526619868877073546889",
"36185742351135053116766244355600114844",
"276897831259542004261052799457512799280",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
},
"source": "https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/render/DefaultVelocityManager.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-31987-8223f435",
"signature_version": "v1",
"digest": {
"line_hashes": [
"137853416719674353210414497559944909550",
"29166595586466143103290196561440396701",
"27962313427399586723936632709943560085",
"256602814203605410997848562226010996092",
"20891093493143598683422580089758695620",
"246948114122229911501923503621690942778",
"257800635591331744963526281334040823813",
"232721121624111824347346902109381141409",
"283902169196506932145782277596687939963",
"43350383026324345258909145540658872837",
"288481945063506707654037642543444402335",
"19359971952024800086096917848019133123",
"38555795804391231521577314644363903348",
"248858750669232818607523658186131547694",
"256043208940901677539325613281629194094",
"275129746972808441404563126035076464653",
"291343476049516903506262767240809956031",
"29112383532272486362096947541614266282",
"46670543324398585527025919486585779178",
"206879769686165570987372372110071845213",
"233125043463828079831024165736977871827",
"83665135677302594411080651264654605882",
"59110861701862327351111331854595026310",
"242817595383101308654778698879593696536",
"250690583252921574947386381536366755858",
"156947290257827847506102438162283668751",
"48600620016886288935767489940222850873",
"212194744068313242852282593223118373242",
"183678169844810441324270296001642602863",
"234775404429131672491972892041251701540",
"328931988403073289216047863200579885308",
"170829821206102114707666228136867378007",
"182150473780783403154450371122631960618",
"20482770512612178433846187280203976728",
"299734484642803094469214152485819484676",
"194817626647339646289695144400547956918",
"285864611570211588971109270161430802174",
"147988173249519946810905120890342298814",
"198910306559555278211298200516159393430",
"42760891683971998287500769432715366986",
"115530886466485088881368146656473384501",
"167812098765061358105392079751263162680",
"326901514594706765838770395612453711691",
"200018349619111549302700167258585310659",
"237768029738789413331296782650036114808",
"101166768989053146758293026463071802175",
"145965635385160748808947245500740468380",
"55966831038664951465217684911425052219",
"247594967892303130582032956717670850205",
"308428030406836490943042034541208962590",
"323848967580160165588074489465599972641",
"127939232685986239390258508648685365507",
"108233995559823381944880056704543602398",
"160363620122574886795292745732104991569",
"295031596098470114845769359430997257509",
"185035514504899756877064709211743844978"
],
"threshold": 0.9
},
"source": "https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/com/xpn/xwiki/render/DefaultVelocityManagerTest.java"
}
},
{
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-31987-a2d93fb3",
"signature_version": "v1",
"digest": {
"length": 208.0,
"function_hash": "262623925310122088733525421671336960898"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/com/xpn/xwiki/render/DefaultVelocityManagerTest.java",
"function": "before"
}
},
{
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-31987-b7084d9f",
"signature_version": "v1",
"digest": {
"length": 1247.0,
"function_hash": "80399419212923564274575179664129964215"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/com/xpn/xwiki/render/DefaultVelocityManagerTest.java",
"function": "getVelocityContext"
}
},
{
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-31987-c9164c29",
"signature_version": "v1",
"digest": {
"length": 1247.0,
"function_hash": "80399419212923564274575179664129964215"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/com/xpn/xwiki/render/DefaultVelocityManagerTest.java",
"function": "getVelocityContext"
}
},
{
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-31987-cd7f6951",
"signature_version": "v1",
"digest": {
"line_hashes": [
"244204443664514302379353346045396909509",
"51143179591373560558002069869939258760",
"35830348605083864677855498924980981238",
"96619712731698817525054917591368906173",
"225947036606155088485663638667533061275",
"257800635591331744963526281334040823813",
"232721121624111824347346902109381141409",
"299817941020114374398885494075455616141",
"4374598656514119766248302521054178504",
"188015816087801542538245535010045008413",
"92262876795579429971221784277362908695",
"170602437839320568711890283309732104147",
"103172412331184963711984210762926767593",
"61769728434622688402367905560291595490",
"239155114422200711252066937814210786449",
"228746186467494796300134036259496604724",
"258902021815419648168905049119943986929",
"126961189106326939768508731658499218598",
"295428602211100344275426352762318624531",
"29973314293322410879355435113587431352",
"99488483201572076344386539631828608301",
"120326394938743270970853795412322795486",
"266344285713955895037113401803271729649",
"329804238655890304157981881201785056934",
"41945847698649912705122026551406330795",
"28391751838870905994648677565847670415",
"90193164423074720855122565822627291017",
"299734484642803094469214152485819484676",
"25110906057917741044822993109498596203",
"116890663556713837689722316363327175921",
"241941714401047188157623370741334063886",
"239693144727634389549457668295488435941",
"238662039844827306374112271111427978617",
"339115459122557519805759473896561012178",
"295031596098470114845769359430997257509",
"185035514504899756877064709211743844978"
],
"threshold": 0.9
},
"source": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/org/xwiki/internal/velocity/XWikiVelocityManagerTest.java"
}
},
{
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-31987-d590f5ec",
"signature_version": "v1",
"digest": {
"length": 948.0,
"function_hash": "26108116625947527575579528426580159908"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/render/DefaultVelocityManager.java",
"function": "getVelocityEngine"
}
},
{
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-31987-e0f1068b",
"signature_version": "v1",
"digest": {
"length": 1184.0,
"function_hash": "271094490181522773843191380936972454229"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/org/xwiki/internal/velocity/XWikiVelocityManagerTest.java",
"function": "getVelocityContext"
}
},
{
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-31987-e6ea1821",
"signature_version": "v1",
"digest": {
"length": 178.0,
"function_hash": "261958817673646506510076999208271329011"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39",
"target": {
"file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/org/xwiki/internal/velocity/XWikiVelocityManager.java",
"function": "onEvent"
}
}
]