Command Injection Vulnerability in Didi Super-Jacoco 1.0
CVE-2024-10919

9.8CRITICAL

Key Information:

Vendor: Didi
Status: Super-jacoco
Vendor: CVE Published:; 6 November 2024

What is CVE-2024-10919?

A vulnerability has been identified in Didi's Super-Jacoco 1.0, associated with the file /cov/triggerUnitCover. This issue allows for os command injection due to inadequate validation of the argument 'uuid'. As a result, attackers can remotely manipulate this argument, potentially leading to unauthorized command execution on the underlying system. The details of this vulnerability have been made public, increasing the urgency for users of the affected version to implement necessary security measures to mitigate risks.

References

https://vuldb.com/?id.283315

https://vuldb.com/?ctiid.283315

https://vuldb.com/?submit.432689

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2024