CVE-2024-41961

CVSS V2 None CVSS V3 None
Description
Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.
Overview
  • CVE ID
  • CVE-2024-41961
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-08-01T14:33:46.684Z
  • Last Modified Date
  • 2024-08-01T14:33:46.684Z
History
Created Old Value New Value Data Type Notes
2024-08-02 13:07:54 Added to TrackCVE