Deserialization Vulnerability in Running-Elephant Datart File Upload Component
CVE-2024-12994

Currently unrated

Key Information:

Vendor: Running-Elephant
Vendor: CVE Published:; 28 December 2024

🔔 Create Running-Elephant Vulnerability Alert

What is CVE-2024-12994?

A deserialization vulnerability exists within the file upload component of Running-Elephant Datart version 1.0.0-rc3, specifically in the extractModel function of the /import directory. This vulnerability arises from improper handling of file arguments, which could allow an attacker to manipulate the deserialization process. The impact may enable remote exploitation, raising concerns about the integrity and security of the affected applications. The lack of vendor response following public disclosure heightens the urgency for users to assess the risk and take mitigating actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/piqi233/cves/blob/main/readme.md

https://vuldb.com/?ctiid.289628

https://vuldb.com/?id.289628

Timeline

Vulnerability published
Dec 28, 2024

JSON

Running-Elephant

What is CVE-2024-12994?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.