CVE-2024-41961

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-41961
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41961.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-41961
Aliases
  • GHSA-6j2h-486h-487q
Published
2024-08-01T15:15:14Z
Modified
2025-06-13T17:59:59.946436Z
Summary
[none]
Details

Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an eval sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.

References

Affected packages

Git / github.com/sap-cloud-infrastructure/elektra

Affected ranges

Type
GIT
Repo
https://github.com/sap-cloud-infrastructure/elektra
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

2018.*

2018.0
2018.1
2018.2
2018.3
2018.4
2018.5
2018.6
2018.7
2018.8

2022.*

2022.3

rails-5.*

rails-5.2.5