AZL-39914 CVE-2024-32487 affecting package less for versions less than 643-2

🗓️ 13 Apr 2024 15:15:52Reported by GoogleType

osv🔗 osv.dev👁 2 Views

AZL-39914 CVE-2024-32487: less than 643-2 allows OS command execution via newline in file names with attacker controlled names and LESSOPEN.

Reporter	Title	Published	Views	Family All 206
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to less atarbitrary command execution vulnerability [CVE-2024-32487]	6 Aug 202421:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)	27 May 202523:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues	8 Aug 202417:29	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in less (CVE-2024-32487) affects Power HMC.	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway	15 Apr 202502:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	15 Apr 202502:53	–	ibm
Tenable Nessus	Amazon Linux 2023 : less (ALAS2023-2024-622)	28 May 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : less (ALAS-2024-2547)	31 May 202400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : less (ALAS-2025-1958)	5 Feb 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0168: less (ALINUX3-SA-2024:0168)	14 May 202500:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-32487

21 Apr 2026 04:28Current

7High risk

Vulners AI Score7

CVSS 3.18.6

EPSS0.00329

SSVC