GHSA-x9r9-48rm-4xm6

Source
https://github.com/advisories/GHSA-x9r9-48rm-4xm6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-x9r9-48rm-4xm6/GHSA-x9r9-48rm-4xm6.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-x9r9-48rm-4xm6
Aliases
  • CVE-2024-28125
Published
2024-03-18T09:30:30Z
Modified
2024-08-29T21:25:15.051892Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
FitNesse allows execution of arbitrary OS commands
Details

All releases of FitNesse allow a remote authenticated attacker to execute arbitrary OS commands.

Database specific
{
    "nvd_published_at": "2024-03-18T08:15:06Z",
    "cwe_ids": [
        "CWE-77"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-29T18:02:50Z"
}

Affected packages

Maven / org.fitnesse:fitnesse

Package

Name
org.fitnesse:fitnesse
Purl
pkg:maven/org.fitnesse/fitnesse

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
20240707

Affected versions

Other

20050731
20060719
20070619
20080702
20080812
20081201
20111025
20121220
20130530
20130531
20131109
20131110
20140201
20140418
20140623
20140630
20140901
20150114
20150226
20150424
20150814
20151230
20160515
20160618
20161106
20171210
20171212
20180127
20181221
20181223
20181224
20190110
20190118
20190119
20190127
20190202
20190216
20190224
20190406
20190409
20190416
20190417
20190418
20190421
20190428
20190508
20190620
20190628
20190716
20191110
20191217
20191229
20200108
20200128
20200205
20200304
20200307
20200308
20200404
20200501
20201213
20210410
20210516
20210605
20210606
20211006
20211030
20220319
20220815
20221102
20221219
20230503
20231029
20231203
20240219
20240707