CVE-2024-44623

An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.
Configurations

Configuration 1 (hide)

cpe:2.3:a:spx:spx_graphics_controller:*:*:*:*:*:*:*:*

History

25 Sep 2024, 14:53

Type Values Removed Values Added
Summary
  • (es) Un problema en TuomoKu SPx-GC v.1.3.0 y anteriores permite que un atacante remoto ejecute código arbitrario a través de la función child_process.js.
First Time Spx
Spx spx Graphics Controller
References () https://github.com/TuomoKu/SPX-GC - () https://github.com/TuomoKu/SPX-GC - Product
References () https://github.com/TuomoKu/SPX-GC/blob/v.1.3.0/routes/routes-api.js#L39 - () https://github.com/TuomoKu/SPX-GC/blob/v.1.3.0/routes/routes-api.js#L39 - Product
References () https://github.com/merbinr/CVE-2024-44623 - () https://github.com/merbinr/CVE-2024-44623 - Third Party Advisory
CVSS v2 : unknown
v3 : 7.3
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:spx:spx_graphics_controller:*:*:*:*:*:*:*:*

17 Sep 2024, 02:35

Type Values Removed Values Added
CWE CWE-94
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.3

16 Sep 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-16 16:15

Updated : 2024-09-25 14:53


NVD link : CVE-2024-44623

Mitre link : CVE-2024-44623

CVE.ORG link : CVE-2024-44623


JSON object : View

Products Affected

spx

  • spx_graphics_controller
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')