CVE-2024-32641

Source
https://cve.org/CVERecord?id=CVE-2024-32641
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32641.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-32641
Aliases
  • GHSA-cj9g-v5mq-qrjm
Published
2025-12-03T16:26:00.795Z
Modified
2026-04-02T10:50:47.908300Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Masa CMS Vulnerable to Pre-Auth RCE via JSON API
Details

Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently evaluated by setDynamicContent, allowing an unauthenticated attacker to execute arbitrary code via the m tag. The vulnerability is patched in versions 7.2.8, 7.3.13, and 7.4.6.

Database specific
{
    "cwe_ids": [
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32641.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/masacms/masacms

Affected ranges

Type
GIT
Repo
https://github.com/masacms/masacms
Events
Database specific
{
    "versions": [
        {
            "introduced": "7.4.0"
        },
        {
            "fixed": "7.4.6"
        }
    ]
}
Type
GIT
Repo
https://github.com/masacms/masacms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "7.3.0"
        },
        {
            "fixed": "7.3.13"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "7.2.8"
        }
    ]
}

Affected versions

5.*
5.5
6.*
6.1.6029
6.2.6161
6.2.6527
7.*
7.0.6919
7.0.6930
7.0.6967
7.0.7029
7.1.100
7.1.101
7.1.102
7.1.103
7.1.104
7.1.105
7.1.106
7.1.107
7.1.108
7.1.109
7.1.110
7.1.111
7.1.112
7.1.113
7.1.114
7.1.115
7.1.116
7.1.117
7.1.118
7.1.119
7.1.120
7.1.121
7.1.122
7.1.123
7.1.124
7.1.125
7.1.126
7.1.127
7.1.128
7.1.129
7.1.130
7.1.131
7.1.132
7.1.133
7.1.134
7.1.135
7.1.136
7.1.137
7.1.138
7.1.139
7.1.140
7.1.142
7.1.143
7.1.144
7.1.145
7.1.146
7.1.147
7.1.148
7.1.149
7.1.150
7.1.151
7.1.152
7.1.153
7.1.154
7.1.155
7.1.156
7.1.157
7.1.158
7.1.159
7.1.160
7.1.161
7.1.162
7.1.163
7.1.164
7.1.165
7.1.166
7.1.167
7.1.168
7.1.169
7.1.170
7.1.171
7.1.172
7.1.173
7.1.174
7.1.175
7.1.176
7.1.177
7.1.178
7.1.179
7.1.180
7.1.181
7.1.182
7.1.183
7.1.184
7.1.185
7.1.186
7.1.187
7.1.188
7.1.189
7.1.190
7.1.191
7.1.192
7.1.193
7.1.194
7.1.195
7.1.196
7.1.197
7.1.198
7.1.199
7.1.200
7.1.201
7.1.202
7.1.203
7.1.204
7.1.205
7.1.206
7.1.207
7.1.208
7.1.209
7.1.210
7.1.211
7.1.212
7.1.213
7.1.214
7.1.215
7.1.216
7.1.217
7.1.218
7.1.219
7.1.220
7.1.221
7.1.222
7.1.223
7.1.224
7.1.225
7.1.226
7.1.227
7.1.228
7.1.229
7.1.230
7.1.231
7.1.232
7.1.233
7.1.234
7.1.235
7.1.236
7.1.237
7.1.238
7.1.239
7.1.240
7.1.241
7.1.242
7.1.243
7.1.244
7.1.245
7.1.246
7.1.247
7.1.248
7.1.249
7.1.250
7.1.251
7.1.252
7.1.253
7.1.254
7.1.255
7.1.256
7.1.257
7.1.258
7.1.259
7.1.260
7.1.261
7.1.262
7.1.263
7.1.264
7.1.265
7.1.266
7.1.267
7.1.268
7.1.269
7.1.271
7.1.272
7.1.273
7.1.274
7.1.275
7.1.276
7.1.278
7.1.279
7.1.280
7.1.281
7.1.282
7.1.283
7.1.284
7.1.285
7.1.286
7.1.287
7.1.288
7.1.289
7.1.290
7.1.291
7.1.292
7.1.293
7.1.294
7.1.295
7.1.296
7.1.297
7.1.298
7.1.299
7.1.300
7.1.301
7.1.302
7.1.303
7.1.304
7.1.305
7.1.306
7.1.307
7.1.308
7.1.309
7.1.310
7.1.311
7.1.312
7.1.313
7.1.315
7.1.316
7.1.317
7.1.318
7.1.319
7.1.320
7.1.321
7.1.322
7.1.323
7.1.324
7.1.325
7.1.326
7.1.327
7.1.328
7.1.329
7.1.330
7.1.331
7.1.332
7.1.333
7.1.334
7.1.335
7.1.336
7.1.337
7.1.338
7.1.339
7.1.340
7.1.341
7.1.342
7.1.343
7.1.344
7.1.345
7.1.346
7.1.347
7.1.348
7.1.349
7.1.350
7.1.351
7.1.352
7.1.353
7.1.354
7.1.355
7.1.356
7.1.357
7.1.358
7.1.359
7.1.360
7.1.361
7.1.362
7.1.363
7.1.364
7.1.365
7.1.366
7.1.367
7.1.368
7.1.369
7.1.370
7.1.371
7.1.372
7.1.373
7.1.374
7.1.375
7.1.376
7.1.377
7.1.378
7.1.379
7.1.380
7.1.381
7.1.382
7.1.383
7.1.384
7.1.385
7.1.386
7.1.387
7.1.389
7.1.390
7.1.391
7.1.392
7.1.393
7.1.394
7.1.395
7.1.396
7.1.397
7.1.398
7.1.399
7.1.401
7.1.402
7.1.403
7.1.404
7.1.405
7.1.406
7.1.407
7.1.408
7.1.409
7.1.410
7.1.411
7.1.412
7.1.413
7.1.414
7.1.415
7.1.416
7.1.417
7.1.418
7.1.419
7.1.420
7.1.421
7.1.422
7.1.423
7.1.424
7.1.425
7.1.426
7.1.427
7.1.428
7.1.429
7.1.430
7.1.431
7.1.432
7.1.433
7.1.434
7.1.435
7.1.436
7.1.437
7.1.438
7.1.439
7.1.440
7.1.441
7.1.442
7.1.443
7.1.444
7.1.445
7.1.446
7.1.447
7.1.448
7.1.449
7.1.450
7.1.451
7.1.452
7.1.454
7.1.455
7.1.456
7.1.457
7.1.458
7.1.459
7.1.460
7.1.461
7.1.462
7.1.463
7.1.464
7.1.465
7.1.466
7.1.467
7.1.468
7.1.469
7.1.470
7.1.471
7.1.472
7.1.473
7.1.474
7.1.475
7.1.476
7.1.477
7.1.478
7.1.479
7.1.480
7.1.481
7.1.482
7.1.483
7.1.484
7.1.485
7.1.486
7.1.487
7.1.488
7.1.489
7.1.490
7.1.491
7.1.492
7.1.493
7.1.494
7.1.495
7.1.496
7.1.497
7.1.498
7.1.499
7.1.500
7.1.501
7.1.502
7.1.503
7.1.504
7.1.505
7.1.71
7.1.72
7.1.73
7.1.74
7.1.75
7.1.76
7.1.77
7.1.78
7.1.79
7.1.80
7.1.81
7.1.82
7.1.83
7.1.84
7.1.85
7.1.86
7.1.87
7.1.88
7.1.89
7.1.90
7.1.91
7.1.92
7.1.93
7.1.94
7.1.95
7.1.96
7.1.97
7.1.98
7.1.99
7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5
7.2.6
7.2.7
7.3
7.3.1
7.3.10
7.3.11
7.3.12
7.3.2
7.3.3
7.3.4
7.3.5
7.3.6
7.3.7
7.3.8
7.3.9
7.4.0
7.4.0-alpha.1
7.4.0-alpha.2
7.4.0-beta.1
7.4.0-beta.2
7.4.0-beta.3
7.4.1
7.4.2
7.4.3
7.4.4
7.4.5
7.4.6
7.4.7
7.4.8
7.4.9
7.5.0
7.5.1
7.5.2
v7.*
v7.0.7029

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32641.json"