CVE-2024-42167

CVSS V2: None
CVSS V3: None
Description
The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname.
Overview
  • CVE ID: CVE-2024-42167
  • Assigner: CyberDanube
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-08-12T11:38:35.988Z
  • Last Modified Date: 2024-08-12T14:20:39.285Z
History
Created | Old Value | New Value | Data Type | Notes
2024-08-13 13:08:31 | | | | Added to TrackCVE