CVE-2024-36463

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-36463

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36463.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-36463

Downstream

DEBIAN-CVE-2024-36463

DLA-3909-1

UBUNTU-CVE-2024-36463

Published

2024-11-26T15:15:31.827Z

Modified

2026-02-05T12:40:25.221180Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects.

References

https://support.zabbix.com/browse/ZBX-25611

Affected packages

Git / github.com/zabbix/zabbix

Affected ranges

Type: GIT
Repo: https://github.com/zabbix/zabbix
Events: Introduced

49955f1fb5c9168a8a24b053f7ade6b3d903143c

Fixed

d93ce022627d3f10608b774e322cde3c961453e3

Introduced

5203d2ea7d901cd33d148f20586e2155901a7faa

Fixed

e05e6ba9dca6bac63179965db2d95b9e32a11b1b

Affected versions

6.*

6.0.0

6.0.1

6.0.10

6.0.10rc1

6.0.10rc2

6.0.11

6.0.11rc1

6.0.11rc2

6.0.12

6.0.12rc1

6.0.12rc2

6.0.13

6.0.13rc1

6.0.14

6.0.14rc1

6.0.14rc2

6.0.15

6.0.15rc1

6.0.15rc2

6.0.16

6.0.16rc1

6.0.17

6.0.17rc1

6.0.17rc2

6.0.18

6.0.18rc1

6.0.19

6.0.19rc1

6.0.1rc1

6.0.1rc2

6.0.1rc3

6.0.1rc4

6.0.2

6.0.20

6.0.20rc1

6.0.21

6.0.21rc1

6.0.22

6.0.22rc1

6.0.23

6.0.23rc1

6.0.25

6.0.25rc1

6.0.26

6.0.26rc1

6.0.27

6.0.27rc1

6.0.28

6.0.28rc1

6.0.29

6.0.29rc1

6.0.2rc1

6.0.3

6.0.30

6.0.30rc1

6.0.31

6.0.31rc1

6.0.32

6.0.32rc1

6.0.33rc1

6.0.3rc1

6.0.4

6.0.4rc1

6.0.5

6.0.5rc1

6.0.6

6.0.6rc1

6.0.7

6.0.7rc1

6.0.8

6.0.8rc1

6.0.8rc2

6.0.9

6.0.9rc1

6.0.9rc2

7.*

7.0.0

7.0.1

7.0.1rc1

7.0.1rc2

7.0.2

7.0.2rc1

7.0.2rc2

7.0.3rc1

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "source": "https://github.com/zabbix/zabbix/commit/e05e6ba9dca6bac63179965db2d95b9e32a11b1b",
        "id": "CVE-2024-36463-42185414",
        "target": {
            "file": "src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"
        },
        "digest": {
            "line_hashes": [
                "42377719247154798294649350857211914722",
                "277301446743689282564066719793421861949",
                "84053493762398819857165875037492472417",
                "134573353912766890848741256532153642229",
                "177130751556011487463321449951885775840",
                "255221815652418511241443785427600625788"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/zabbix/zabbix/commit/d93ce022627d3f10608b774e322cde3c961453e3",
        "id": "CVE-2024-36463-a11457e2",
        "target": {
            "file": "src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"
        },
        "digest": {
            "line_hashes": [
                "292971631960556532049504012454549711983",
                "252186794054878738396089966044350430486",
                "51727231690626324161447407021898255678",
                "107830965826934551202133909220480535577",
                "316143069894320711268799956090366904009",
                "94555891543347806526180211855337423146"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36463.json"