CVE-2024-53678

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-53678

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53678.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-53678

Published

2025-03-25T10:15:13.303Z

Modified

2026-04-10T05:19:34.114635Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned by the SELECT statement is not viewable by the attacker.

This issue affects all versions of Apache VCL from 2.2 through 2.5.1.

Users are recommended to upgrade to version 2.5.2, which fixes the issue.

References

Affected packages

Git / github.com/apache/vcl

Affected ranges

Type

GIT

Repo

https://github.com/apache/vcl

Events

Introduced

65a780d24ceeb23aae4686273589a7e59c42dd34

Last affected

80d9db4172b9c08507093d8d44d51c32f1eadf19

Database specific

{
    "versions": [
        {
            "introduced": "2.2"
        },
        {
            "last_affected": "2.5.1."
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53678.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "2.2"
            },
            {
                "fixed": "2.5.2"
            }
        ]
    }
]