CVE-2024-41961

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-41961

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41961.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41961

Aliases

GHSA-6j2h-486h-487q

Published

2024-08-01T15:15:14Z

Modified

2025-06-13T17:59:59.946436Z

Summary

[none]

Details

Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an eval sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.

References

Affected packages

Git / github.com/sap-cloud-infrastructure/elektra

Affected ranges

Type: GIT
Repo: https://github.com/sap-cloud-infrastructure/elektra
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

49aea3b365082681558bf3bf7bf4a51766cfc44d

Fixed

8bce00be93b95a6512ff68fe86bf9554e486bc02

Affected versions

2018.*

2018.0

2018.1

2018.2

2018.3

2018.4

2018.5

2018.6

2018.7

2018.8

2022.*

2022.3

rails-5.*

rails-5.2.5