CVE-2024-29178
CVSS V2 None
CVSS V3 None
Description
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability.
Mitigation:
all users should upgrade to 2.1.4
Overview
- CVE ID
- CVE-2024-29178
- Assigner
- apache
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-07-18T11:15:56.706Z
- Last Modified Date
- 2024-07-18T11:15:56.706Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://lists.apache.org/thread/n6dhnl68knpxy80t35qxkkw2691l8sfn | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2024/07/18/1 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-29178 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29178 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-07-19 13:04:38 | Added to TrackCVE |