Lucene search
K

4 matches found

Nuclei
Nuclei
added 13 hours ago132 views

Vendure - Arbitrary File Read

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

9.1CVSS7.1AI score0.59798EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/02/04 11:33 p.m.8 views

CVE-2024-48914

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

9.1CVSS6.6AI score0.59798EPSS
Exploits1
GithubExploit
GithubExploit
added 2024/10/21 10:2 a.m.954 views

Exploit for CVE-2024-48914

This post is a research article published by EQSTLabhttps://g...

9.1CVSS9.4AI score0.59798EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/10/15 6:0 p.m.6 views

@artcoded/gcp-asset-server-plugin (>=1.0.1 <=1.0.4), @grupo-loja/vendure-banner-plugin (=1.0.0) +54 more potentially affected by CVE-2024-48914 via @vendure/asset-server-plugin (>=0.12.5 <=2.2.7)

@vendure/asset-server-plugin NPM version =0.12.5, =1.0.1, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.2.4 and more Source cves: CVE-2024-48914 Source advisory: OSV:GHSA-R9MQ-3C9R-FMJQ...

9.1CVSS7.2AI score0.59798EPSS
Exploits1
Rows per page
Query Builder