Lucene search

K

Veracode Vulnerability DatabaseVERACODE:38433

HistoryDec 12, 2022 - 4:21 a.m.

Arbitrary Code Injection

2022-12-1204:21:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

11

akeneo

pim-community-dev

arbitrary code injection

httpd.conf

user inputs

malicious code

0.004 Low

EPSS

Percentile

73.4%

akeneo/pim-community-dev is vulnerable to arbitrary code injection. The vulnerability exists in Location parameter in httpd.conf because of not properly validate user inputs which allows an attacker to inject and execute malicious code into the system.

CPENameOperatorVersion
akeneo/pim-community-devlev6.0.52
akeneo/pim-community-devlev5.0.118
akeneo/pim-community-devlev6.0.52
akeneo/pim-community-devlev5.0.118

References

github.com/akeneo/pim-community-dev/blob/b4d79bb073c8b68ea26ab227c97cc78d86c4cba1/docker/httpd.conf#L39

github.com/akeneo/pim-community-dev/commit/891a2f70a9a200f199de06fe64d376d03787a81a

github.com/akeneo/pim-community-dev/commit/a53e16c8ee686641d8f69ca8ba68df7893828070

github.com/akeneo/pim-community-dev/pull/18543

github.com/akeneo/pim-community-dev/releases/tag/v6.0.53

github.com/akeneo/pim-community-dev/security/advisories/GHSA-w9wc-4xcq-8gr6

0.004 Low

EPSS

Percentile

73.4%

Related for VERACODE:38433

gitlab1 github1 prion1 osv3 cve1 cvelist1 nvd1