CVE-2024-47759

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47759
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47759.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47759
Aliases
  • GHSA-474f-9vpp-xxq5
Related
Published
2024-11-15T18:15:28Z
Modified
2025-01-24T02:12:12.613978Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

GLPI is a free Asset and IT management software package. An technician can upload a SVG containing a malicious script. The script will then be executed when any user will try to see the document contents. Upgrade to 10.0.17.

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type
GIT
Repo
https://github.com/glpi-project/glpi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.90
0.90-RC1
0.90-RC2
0.90-beta1
0.90-beta2
0.90.1

10.*

10.0.0
10.0.0-beta
10.0.0-rc1
10.0.0-rc2
10.0.0-rc3
10.0.1
10.0.10
10.0.11
10.0.12
10.0.13
10.0.14
10.0.15
10.0.16
10.0.2
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9

9.*

9.1
9.1-RC1
9.1-RC2
9.3-beta
9.4.0
9.4.0-beta
9.4.0-rc1
9.4.0-rc2
9.4.1
9.4.1.1
9.4.2
9.4.3
9.4.4
9.4.5
9.4.6
9.5.0
9.5.0-rc1
9.5.0-rc2
9.5.1
9.5.2
9.5.3
9.5.4
9.5.5
9.5.6
9.5.7