Loomio version 2.22.0 allows executing arbitrary commands on the server.
This is possible because the application is vulnerable to OS Command Injection.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/stones | Exploit Vendor Advisory |
https://github.com/loomio/loomio | Product |
https://fluidattacks.com/advisories/stones | Exploit Vendor Advisory |
https://github.com/loomio/loomio | Product |
Configurations
History
31 Dec 2024, 14:28
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 | |
References | () https://fluidattacks.com/advisories/stones - Exploit, Vendor Advisory | |
References | () https://github.com/loomio/loomio - Product | |
First Time |
Loomio
Loomio loomio |
|
CPE | cpe:2.3:a:loomio:loomio:2.22.0:*:*:*:*:*:*:* |
21 Nov 2024, 08:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://fluidattacks.com/advisories/stones - | |
References | () https://github.com/loomio/loomio - |
20 Feb 2024, 19:50
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
20 Feb 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-20 00:15
Updated : 2024-12-31 14:28
NVD link : CVE-2024-1297
Mitre link : CVE-2024-1297
CVE.ORG link : CVE-2024-1297
JSON object : View
Products Affected
loomio
- loomio