Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:33 a.m.17 views

CVE-2024-39906

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

8.3CVSS8AI score0.01021EPSS
Exploits0References1
NVD
NVD
added 2024/07/19 8:15 p.m.28 views

CVE-2024-39906

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

8.3CVSS0.01021EPSS
Exploits0References2
CVE
CVE
added 2024/07/19 7:50 p.m.48 views

CVE-2024-39906

The CVE-2024-39906 vulnerability affects the Haven blog web application (Ruby on Rails) via its IndieAuth functionality. A logged-in administrator can be forced to click a crafted link that executes arbitrary commands on the server, enabling Remote Code Execution (RCE). The root cause is a comman...

8.3CVSS8AI score0.01021EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/19 12:0 a.m.6 views

PT-2024-28724 · Unknown +1 · Ruby On Rails +1

Name of the Vulnerable Software and Affected Versions: Haven blog web application affected versions not specified Description: A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires...

8.3CVSS8.3AI score0.01021EPSS
Exploits0References7
Rows per page
Query Builder