CVE-2024-47180

🗓️ 26 Sep 2024 19:21:04Reported by GitHub_MType

cve🔗 web.nvd.nist.gov👁 40 Views🌐 WEB

Shields.io service vulnerability on server-2024-09-2

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-47180	26 Sep 202423:01	–	circl
CNNVD	Shields 注入漏洞	26 Sep 202400:00	–	cnnvd
Cvelist	CVE-2024-47180 Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges	26 Sep 202419:21	–	cvelist
EUVD	EUVD-2024-42301	3 Oct 202520:07	–	euvd
NVD	CVE-2024-47180	26 Sep 202420:15	–	nvd
OSV	CVE-2024-47180 Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges	26 Sep 202419:21	–	osv
Positive Technologies	PT-2024-32462 · Jsonpath +1 · Jsonpath +1	26 Sep 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-47180	5 Feb 202508:19	–	redhatcve
Vulnrichment	CVE-2024-47180 Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges	26 Sep 202419:21	–	vulnrichment

Vulners

Vulnrichment

Node

badges shieldsRange<2024-09-25

[
  {
    "vendor": "badges",
    "product": "shields",
    "versions": [
      {
        "version": "< server-2024-09-25",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/badges/shields/pull/10551
github	www.github.com/badges/shields/issues/10553
github	www.github.com/badges/shields/security/advisories/GHSA-rxvx-x284-4445
github	www.github.com/badges/shields/commit/ec1b6c8daccda075403c1688ac02603f7aaa50b2

Parameter	Position	Path	Description	CWE
expression	request body	/badge/dynamic/json	Remote code execution via malicious JSONPath expression in Dynamic JSON badge endpoint	CWE-74
expression	request body	/badge/dynamic/toml	Remote code execution via malicious JSONPath expression in Dynamic TOML badge endpoint	CWE-74
expression	request body	/badge/dynamic/yaml	Remote code execution via malicious JSONPath expression in Dynamic YAML badge endpoint	CWE-74

15 Apr 2026 00:35Current

8.8High risk

Vulners AI Score8.8

CVSS 3.18.8

EPSS0.03964

SSVC

CWE-74