CVE-2024-57971

Source
https://cve.org/CVERecord?id=CVE-2024-57971
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57971.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-57971
Published
2025-02-16T04:15:23.077Z
Modified
2026-04-12T22:13:21.158422Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name.

References

Affected packages

Git / github.com/KnowageLabs/Knowage-Server

Affected ranges

Type
GIT
Repo
https://github.com/KnowageLabs/Knowage-Server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.1.30"
        }
    ]
}
Type
GIT
Repo
https://github.com/knowagelabs/knowage-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v7.*
v7.0.0-RC
v7.2.0
v7.2.0-2020-04-06
v8.*
v8.1.0
v8.1.1
v8.1.10
v8.1.11
v8.1.12
v8.1.15
v8.1.16
v8.1.17
v8.1.18
v8.1.19
v8.1.2
v8.1.20
v8.1.21
v8.1.22
v8.1.23
v8.1.24
v8.1.25
v8.1.26
v8.1.27
v8.1.28
v8.1.29
v8.1.3
v8.1.6
v8.1.7
v8.1.8
v8.1.9

Database specific

vanir_signatures
[
    {
        "digest": {
            "length": 869.0,
            "function_hash": "59208488101516746507752381081054875896"
        },
        "target": {
            "file": "knowage-core/src/main/java/it/eng/spagobi/api/v2/DataSourceResource.java",
            "function": "postDataSource"
        },
        "id": "CVE-2024-57971-4eadec64",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/knowagelabs/knowage-server/commit/f7d0362f737e1b0db1cc9cc95b1236d62d83dd0c"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "134497073326559177954244526696616605192",
                "107570737580561449693877492859155689019",
                "91540732585642016803079315374272185854",
                "64320293172756396265364199694787404446",
                "298435162741456322691828724564236575797",
                "71048550839281177856378238942711019002",
                "5672213252276913936398936406620873272",
                "138668927881092645776605727543087135254",
                "147759593515438261541963726359283959707",
                "321929858379957575696494799824570006084",
                "130567396218714385648059443147177640367",
                "189803273201454343178951852002988221661",
                "41628062898856148088259240450128139830",
                "136920129070524813425826578162467061118",
                "43416712011744053982082218595424555538"
            ]
        },
        "target": {
            "file": "knowage-core/src/main/java/it/eng/spagobi/api/v2/DataSourceResource.java"
        },
        "id": "CVE-2024-57971-a622e02d",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/knowagelabs/knowage-server/commit/f7d0362f737e1b0db1cc9cc95b1236d62d83dd0c"
    },
    {
        "digest": {
            "length": 748.0,
            "function_hash": "278863201325447679562936925513585986691"
        },
        "target": {
            "file": "knowage-core/src/main/java/it/eng/spagobi/api/v2/DataSourceResource.java",
            "function": "putDataSource"
        },
        "id": "CVE-2024-57971-fe1416b2",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/knowagelabs/knowage-server/commit/f7d0362f737e1b0db1cc9cc95b1236d62d83dd0c"
    }
]
vanir_signatures_modified
"2026-04-12T22:13:21Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57971.json"