CVE-2024-38363

Source
https://cve.org/CVERecord?id=CVE-2024-38363
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38363.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-38363
Aliases
  • GHSA-4j3c-fgvx-xgqq
Published
2024-07-09T14:10:47.792Z
Modified
2026-04-10T06:11:06.063229Z
Severity
  • 8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
Details

Airbyte is a data integration platform for ELT pipelines. The Airbyte connection builder Docker image is vulnerable to RCE via SSTI, which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-1336"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38363.json"
}
References

Affected packages

Git / github.com/airbytehq/airbyte

Affected ranges

Type
GIT
Repo
https://github.com/airbytehq/airbyte
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.62.2"
        }
    ]
}

Affected versions

java-cdk-0.*
java-cdk-0.28.0
Other
list
v0
v0.*
v0.1.0-alpha
v0.10.0-alpha
v0.11.0-alpha
v0.11.1-alpha
v0.11.2-alpha
v0.12.0-alpha
v0.12.1-alpha
v0.13.0-alpha
v0.13.1-alpha
v0.14.0-alpha
v0.14.1-alpha
v0.14.2-alpha
v0.14.3-alpha
v0.14.4-alpha
v0.15.0-alpha
v0.16.0-alpha
v0.16.1-alpha
v0.17.0-alpha
v0.17.1-alpha
v0.17.2-alpha
v0.18.0-alpha
v0.18.1-alpha
v0.18.2-alpha
v0.2.0-alpha
v0.20.0-alpha
v0.21.0-alpha
v0.21.1-alpha
v0.22
v0.22.0-alpha
v0.22.1-alpha
v0.22.2-alpha
v0.22.3-alpha
v0.23.0-alpha
v0.24.0-alpha
v0.24.1-alpha
v0.24.2-alpha
v0.24.3-alpha
v0.24.4-alpha
v0.24.5-alpha
v0.24.6-alpha
v0.24.7-alpha
v0.24.8-alpha
v0.25.0-alpha
v0.26.0-alpha
v0.26.1-alpha
v0.26.2-alpha
v0.26.3-alpha
v0.26.4-alpha
v0.27.0-alpha
v0.27.1-alpha
v0.27.2-alpha
v0.27.3-alpha
v0.27.4-alpha
v0.27.5-alpha
v0.28.0-alpha
v0.28.1
v0.28.1-alpha
v0.28.2-alpha
v0.29.0-alpha
v0.29.1-alpha
v0.29.10-alpha
v0.29.11-alpha
v0.29.12-alpha
v0.29.13-alpha
v0.29.14-alpha
v0.29.15-alpha
v0.29.16-alpha
v0.29.17-alpha
v0.29.18-alpha
v0.29.19-alpha
v0.29.2-alpha
v0.29.20-alpha
v0.29.21-alpha
v0.29.22-alpha
v0.29.3-alpha
v0.29.4-alpha
v0.29.5-alpha
v0.29.8-alpha
v0.29.9
v0.29.9-alpha
v0.3.0-alpha
v0.30.0-alpha
v0.30.1-alpha
v0.30.10-alpha
v0.30.11-alpha
v0.30.12-alpha
v0.30.13-alpha
v0.30.14-alpha
v0.30.15-alpha
v0.30.16-alpha
v0.30.17-alpha
v0.30.18-alpha
v0.30.19-alpha
v0.30.2-alpha
v0.30.20-alpha
v0.30.21-alpha
v0.30.22-alpha
v0.30.23-alpha
v0.30.24-alpha
v0.30.25-alpha
v0.30.26-alpha
v0.30.27-alpha
v0.30.28-alpha
v0.30.29-alpha
v0.30.3-alpha
v0.30.30-alpha
v0.30.31-alpha
v0.30.32-alpha
v0.30.33-alpha
v0.30.34-alpha
v0.30.35-alpha
v0.30.36-alpha
v0.30.37-alpha
v0.30.38-alpha
v0.30.39-alpha
v0.30.4-alpha
v0.30.5-alpha
v0.30.6-alpha
v0.30.7-alpha
v0.30.8-alpha
v0.30.9-alpha
v0.31.0-alpha
v0.32.0-alpha
v0.32.1-alpha
v0.32.10-alpha
v0.32.11-alpha
v0.32.2-alpha
v0.32.3-alpha
v0.32.4-alpha
v0.32.5-alpha
v0.32.6-alpha
v0.32.7-alpha
v0.32.8-alpha
v0.32.9-alpha
v0.33.0-alpha
v0.33.1-alpha
v0.33.10-alpha
v0.33.11-alpha
v0.33.12-alpha
v0.33.2-alpha
v0.33.3-alpha
v0.33.4-alpha
v0.33.5-alpha
v0.33.6-alpha
v0.33.7-alpha
v0.33.8-alpha
v0.33.9-alpha
v0.34.0-alpha
v0.34.1-alpha
v0.34.2-alpha
v0.34.3-alpha
v0.34.4-alpha
v0.35.0-alpha
v0.35.1-alpha
v0.35.10-alpha
v0.35.11-alpha
v0.35.12-alpha
v0.35.13-alpha
v0.35.14-alpha
v0.35.15-alpha
v0.35.16-alpha
v0.35.17-alpha
v0.35.18-alpha
v0.35.19-alpha
v0.35.2-alpha
v0.35.20-alpha
v0.35.21-alpha
v0.35.22-alpha
v0.35.23-alpha
v0.35.24-alpha
v0.35.25-alpha
v0.35.26-alpha
v0.35.27-alpha
v0.35.28-alpha
v0.35.29-alpha
v0.35.3-alpha
v0.35.30-alpha
v0.35.31-alpha
v0.35.32-alpha
v0.35.33-alpha
v0.35.34-alpha
v0.35.35-alpha
v0.35.36-alpha
v0.35.37-alpha
v0.35.38-alpha
v0.35.39-alpha
v0.35.4-alpha
v0.35.40-alpha
v0.35.41-alpha
v0.35.42-alpha
v0.35.43-alpha
v0.35.44-alpha
v0.35.45-alpha
v0.35.46-alpha
v0.35.47-alpha
v0.35.48-alpha
v0.35.49-alpha
v0.35.5-alpha
v0.35.50-alpha
v0.35.51-alpha
v0.35.52-alpha
v0.35.53-alpha
v0.35.54-alpha
v0.35.55-alpha
v0.35.56-alpha
v0.35.57-alpha
v0.35.58-alpha
v0.35.59-alpha
v0.35.6-alpha
v0.35.60-alpha
v0.35.61-alpha
v0.35.62-alpha
v0.35.63-alpha
v0.35.64-alpha
v0.35.65-alpha
v0.35.66-alpha
v0.35.67-alpha
v0.35.68-alpha
v0.35.7-alpha
v0.35.8-alpha
v0.35.9-alpha
v0.36.0-alpha
v0.36.1-alpha
v0.36.10-alpha
v0.36.11-alpha
v0.36.2-alpha
v0.36.3-alpha
v0.36.4-alpha
v0.36.5-alpha
v0.36.6-alpha
v0.36.7-alpha
v0.36.8-alpha
v0.36.9-alpha
v0.37.0-alpha
v0.37.1-alpha
v0.38.0-alpha
v0.38.1-alpha
v0.38.2-alpha
v0.38.3-alpha
v0.38.4-alpha
v0.39.0-alpha
v0.39.1-alpha
v0.39.10-alpha
v0.39.11-alpha
v0.39.12-alpha
v0.39.13-alpha
v0.39.14-alpha
v0.39.15-alpha
v0.39.16-alpha
v0.39.17-alpha
v0.39.18-alpha
v0.39.19-alpha
v0.39.2-alpha
v0.39.20-alpha
v0.39.21-alpha
v0.39.22-alpha
v0.39.23-alpha
v0.39.24-alpha
v0.39.25-alpha
v0.39.26-alpha
v0.39.27-alpha
v0.39.28-alpha
v0.39.29-alpha
v0.39.3-alpha
v0.39.30-alpha
v0.39.31-alpha
v0.39.32-alpha
v0.39.33-alpha
v0.39.34-alpha
v0.39.35-alpha
v0.39.36-alpha
v0.39.37-alpha
v0.39.38-alpha
v0.39.39-alpha
v0.39.4-alpha
v0.39.40-alpha
v0.39.41-alpha
v0.39.42-alpha
v0.39.5-alpha
v0.39.6-alpha
v0.39.7-alpha
v0.39.8-alpha
v0.39.9-alpha
v0.4.0-alpha
v0.40.0-alpha
v0.40.1
v0.40.10
v0.40.11
v0.40.12
v0.40.13
v0.40.14
v0.40.15
v0.40.16
v0.40.17
v0.40.18
v0.40.18-helm
v0.40.19
v0.40.2
v0.40.20
v0.40.21
v0.40.22
v0.40.23
v0.40.24
v0.40.25
v0.40.26
v0.40.27
v0.40.28
v0.40.29
v0.40.3
v0.40.30
v0.40.31
v0.40.32
v0.40.4
v0.40.5
v0.40.6
v0.40.7
v0.40.8
v0.40.9
v0.41.0
v0.42.0
v0.42.1
v0.43.0
v0.43.1
v0.43.2
v0.44.0
v0.44.1
v0.44.12
v0.44.2
v0.44.3
v0.44.4
v0.5.0-alpha
v0.5.3-alpha
v0.50.0
v0.50.1
v0.50.10
v0.50.11
v0.50.12
v0.50.13
v0.50.14
v0.50.15
v0.50.16
v0.50.17
v0.50.18
v0.50.19
v0.50.2
v0.50.20
v0.50.21
v0.50.3
v0.50.31
v0.50.32
v0.50.33
v0.50.34
v0.50.35
v0.50.36
v0.50.37
v0.50.38
v0.50.39
v0.50.4
v0.50.40
v0.50.41
v0.50.42
v0.50.43
v0.50.44
v0.50.45
v0.50.46
v0.50.47
v0.50.48
v0.50.49
v0.50.5
v0.50.50
v0.50.51
v0.50.52
v0.50.53
v0.50.54
v0.50.6
v0.50.7
v0.50.8
v0.50.9
v0.51.0
v0.52.0
v0.52.1
v0.53.0
v0.53.1
v0.54.0
v0.55.0
v0.55.1
v0.55.2
v0.56.0
v0.57.0
v0.57.1
v0.57.2
v0.57.3
v0.57.4
v0.58.0
v0.58.1
v0.59.0
v0.59.1
v0.6.0-alpha
v0.6.2-alpha
v0.60.0
v0.60.1
v0.61.0
v0.62.0
v0.62.1
v0.8.0-alpha
v0.9.0-alpha
v0.9.1-alpha
v0.9.2-alpha

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38363.json"