Lucene search

Veracode Vulnerability DatabaseVERACODE:46668

HistoryApr 29, 2024 - 7:05 a.m.

Server Side Template Injection

2024-04-2907:05:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

remote command execution

user input sanitization

arbitrary code execution

host security

software vulnerability

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.1%

JSON

changedetection.io is vulnerable to Remote Command Execution. The vulnerability is due to improper sanitization of user summited input, which allows an attacker to execute arbitrary code on the host.

CPENameOperatorVersion
changedetection.iole0.45.20
changedetection.iole0.45.20

CPE	Name	Operator	Version
	changedetection.io	le	0.45.20
	changedetection.io	le	0.45.20

References

blog.hacktivesecurity.com/index.php/2024/05/08/cve-2024-32651-server-side-template-injection-changedetection-io/

github.com/dgtlmoon/changedetection.io/commit/bd6eda696cd41ffe8f93af2fa00c3bcb478d067e

github.com/dgtlmoon/changedetection.io/releases/tag/0.45.21

github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3

www.onsecurity.io/blog/server-side-template-injection-with-jinja2

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.1%

JSON

Related for VERACODE:46668