Lucene search
JpcertVULNRICHMENT:CVE-2024-36360HistoryJun 11, 2024 - 4:19 a.m.
CVE-2024-36360
2024-06-1104:19:39
jpcert
github.com
4
command injection
awkblog
v0.0.1
AI Score
8
Confidence
Low
EPSS
0
Percentile
9.0%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
OS command injection vulnerability exists in awkblog v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the product.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:keisuke_nakayama:awkblog:*:*:*:*:*:*:*:*"
],
"vendor": "keisuke_nakayama",
"product": "awkblog",
"versions": [
{
"status": "affected",
"version": "v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier"
}
],
"defaultStatus": "unknown"
}
]Related
nvd
nvd
CVE-2024-36360
2024-06-11 05:15:53
jvn
jvn
JVN#80506242: awkblog vulnerable to OS command injection
2024-05-30 00:00:00
cve
cve
CVE-2024-36360
2024-06-11 05:15:53
cvelist
cvelist
CVE-2024-36360
2024-06-11 04:19:39
AI Score
8
Confidence
Low
EPSS
0
Percentile
9.0%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-36360