Lucene search

[email protected]CVE-2024-28886

HistoryMay 28, 2024 - 3:15 a.m.

CVE-2024-28886

2024-05-2803:15:08

CWE-94

[email protected]

web.nvd.nist.gov

cve-2024-28886

utau

command injection

vulnerability

project file

nvd

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may be executed.

Affected configurations

Vulners

Node

ameya\/ayameutauRange<0.4.19

CNA Affected

[
  {
    "vendor": "ameya/ayame",
    "product": "UTAU",
    "versions": [
      {
        "version": "prior to v0.4.19",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN71404925/

utau2008.xrea.jp/

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-28886

vulnrichment1 cvelist1 nvd1 jvn1