CVE-2024-45387

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-45387

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45387.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45387

Aliases

Related

Published

2024-12-23T16:15:06Z

Modified

2025-02-12T01:55:08.163058Z

Downstream

openSUSE-SU-2025:14624-1

SUSE-SU-2025:0060-1

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request.

Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops.

References

Affected packages

Git / github.com/apache/trafficcontrol

Affected ranges

Type: GIT
Repo: https://github.com/apache/trafficcontrol
Events: Introduced

21907895d39c429dfa9795d1f36717f206a4cf4b

Fixed

7cc23eb95a7fe9b9e679d86d6645b97ce96a4094

Affected versions

RELEASE-8.*

RELEASE-8.0.0

RELEASE-8.0.1

RELEASE-8.0.1-RC0

RELEASE-8.0.1-RC1

RELEASE-8.0.2-RC0

v8.*

v8.0.0

v8.0.1

v8.0.1-rc0

v8.0.1-rc1

v8.0.2-rc0