Lucene search
ApacheVULNRICHMENT:CVE-2024-31411HistoryJul 17, 2024 - 9:22 a.m.
CVE-2024-31411 Apache StreamPipes: Potential remote code execution (RCE) via file upload
2024-07-1709:22:08
CWE-434
apache
github.com
4
apache streampipes
remote code execution
file upload vulnerability
version 0.95.0
AI Score
8
Confidence
Low
EPSS
0.001
Percentile
39.9%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes.
Such a dangerous type might be an executable file that may lead to a remote code execution (RCE).
The unrestricted upload is only possible for authenticated and authorized users.
This issue affects Apache StreamPipes: through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache StreamPipes",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "maven",
"lessThanOrEqual": "0.93.0"
}
],
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_streampipes:*:*:*:*:*:*:*:*"
],
"vendor": "apache_software_foundation",
"product": "apache_streampipes",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "maven",
"lessThanOrEqual": "0.93.0"
}
],
"defaultStatus": "unknown"
}
]Related
github
github
Apache StreamPipes has potential remote code execution (RCE) via file upload
2024-07-17 12:31:11
cvelist
cvelist
osv
osv
Apache StreamPipes has potential remote code execution (RCE) via file upload
2024-07-17 12:31:11
CVE-2024-31411
2024-07-17 10:15:01
veracode
veracode
Remote Code Execution (RCE)
2024-07-19 09:08:18
nvd
nvd
CVE-2024-31411
2024-07-17 10:15:01
cve
cve
CVE-2024-31411
2024-07-17 10:15:01
AI Score
8
Confidence
Low
EPSS
0.001
Percentile
39.9%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-31411