CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

CVE-2024-46507

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

CVE-2024-46507

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

Yeti Platform 代码注入漏洞

Yeti Platform is an open-source daily threat intelligence platform developed by Yeti Platform. Versions of Yeti Platform prior to 2.1.12 contained a code injection vulnerability. This vulnerability stemmed from server-side template injection during the custom template export function, which could...

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

CVE-2024-46507

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

CVE-2024-46508

CVE-2024-46508 affects yeti-platform yeti before 2.1.12. The issue allows an attacker to generate valid JWT tokens if YETI_AUTH_SECRET_KEY remains at the default SECRET. CVSS v3.1 base score 7.5 (High) with Network attack vector and no privileges required. Root cause: secret key used for JWT sign...

Yeti Platform 信任管理问题漏洞

Yeti Platform is an open-source daily threat intelligence platform developed by Yeti Platform. Versions of Yeti Platform prior to 2.1.12 had a trust management vulnerability. This vulnerability occurred because allowing attackers to generate valid JWT tokens occurred without changing the...

CVE-2024-46507

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

CVE-2024-46508

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

CVE-2024-46507

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

CVE-2024-46507

CVE-2024-46507: Yeti Platform prior to 2.1.12 contains a Server-Side Template Injection (SSTI) in the custom template export function that can lead to remote code execution on the application server. Exploitation requires valid credentials (authenticated user). Impact includes arbitrary command e...

EUVD-2024-55570

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

EUVD-2024-55571

yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed by setting YETIAUTHSECRETKEY to a value other than SECRET...

Yeti Platform < 2.1.12 - Server-Side Template Injection to RCE

The Yeti Platform " verified: true max-request: 4 tags: cve,cve2024,yeti,platform,ssti,rce,intrusive,vkev,vuln variables: username: "username" password: "password" http: - raw: - | POST /api/v2/auth/token HTTP/1.1 Host: Hostname Content-Type:...

CVE-2021-47899

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the urluploadhandler endpoint to access sensitive files like /etc/passwd by...

CVE-2021-47899 YetiShare File Hosting Script 5.1.0 Remote File Upload SSRF Vulnerability

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the urluploadhandler endpoint to access sensitive files like /etc/passwd by...

MAL-2025-44747 Malicious code in jade-yeti-tns661-project (npm)

The package jade-yeti-tns661-project was found to contain malicious code...