Lucene search

GoogleOSV:GHSA-W9H2-PX87-74VX

HistoryJan 30, 2024 - 8:56 p.m.

vantage6 remote code execution vulnerability

2024-01-3020:56:45

Google

osv.dev

vulnerability

remote code execution

authenticated users

algorithm environment variables

software security

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.0%

JSON

Impact

Authenticated users could inject code into algorithm environment variables

Workarounds

CPENameOperatorVersion
vantage6eq1.0.0b12
vantage6eq2.2.6
vantage6eq3.10.1
vantage6eq3.3.1
vantage6eq3.4.2
vantage6eq3.10.0
vantage6eq3.5.0
vantage6eq4.0.0a5
vantage6eq2.3.0rc2
vantage6eq3.2.0rc4

Name	Operator	Version
vantage6	eq	1.0.0b12
vantage6	eq	2.2.6
vantage6	eq	3.10.1
vantage6	eq	3.3.1
vantage6	eq	3.4.2
vantage6	eq	3.10.0
vantage6	eq	3.5.0
vantage6	eq	4.0.0a5
vantage6	eq	2.3.0rc2
vantage6	eq	3.2.0rc4

Rows per page:

1-10 of 2001

References

github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2024-30.yaml

github.com/vantage6/vantage6

github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd

github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx

nvd.nist.gov/vuln/detail/CVE-2024-21649

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.0%

JSON

Related for OSV:GHSA-W9H2-PX87-74VX