CVE-2024-42166

CVSS V2 None CVSS V3 None
Description
The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name.
Overview
  • CVE ID
  • CVE-2024-42166
  • Assigner
  • CyberDanube
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-08-12T11:36:28.386Z
  • Last Modified Date
  • 2024-08-12T13:46:39.901Z
History
Created Old Value New Value Data Type Notes
2024-08-13 13:10:35 Added to TrackCVE