CVE-2024-31411

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:13

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/16/10 -
References () https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt - Mailing List, Vendor Advisory () https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt - Mailing List, Vendor Advisory

22 Aug 2024, 16:07

Type Values Removed Values Added
First Time Apache streampipes
Apache
CPE cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:*
References () https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt - () https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt - Mailing List, Vendor Advisory
CVSS v2 : unknown
v3 : 6.0
v2 : unknown
v3 : 8.8

01 Aug 2024, 13:50

Type Values Removed Values Added
Summary
  • (es) Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Apache StreamPipes. Un tipo tan peligroso podría ser un archivo ejecutable que pueda conducir a una ejecución remota de código (RCE). La carga sin restricciones sólo es posible para usuarios autenticados y autorizados. Este problema afecta a Apache StreamPipes: hasta 0.93.0. Se recomienda a los usuarios actualizar a la versión 0.95.0, que soluciona el problema.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.0

17 Jul 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-17 10:15

Updated : 2024-11-21 09:13


NVD link : CVE-2024-31411

Mitre link : CVE-2024-31411

CVE.ORG link : CVE-2024-31411


JSON object : View

Products Affected

apache

  • streampipes
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type