Lucene search

ApacheCVELIST:CVE-2024-31411

HistoryJul 17, 2024 - 9:22 a.m.

CVE-2024-31411 Apache StreamPipes: Potential remote code execution (RCE) via file upload

2024-07-1709:22:08

CWE-434

apache

www.cve.org

cve-2024-31411

apache streampipes

remote code execution

file upload

vulnerability

unrestricted upload

dangerous type

authenticated users

authorized users

upgrade

version 0.95.0

EPSS

0.001

Percentile

39.9%

JSON

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes.
Such a dangerous type might be an executable file that may lead to a remote code execution (RCE).
The unrestricted upload is only possible for authenticated and authorized users.
This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache StreamPipes",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "0.93.0",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]

References

lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt

EPSS

0.001

Percentile

39.9%

JSON

Related for CVELIST:CVE-2024-31411