XWiki Platform vulnerable to Remote Code Execution (RCE) attack
CVE-2024-21650
What is CVE-2024-21650?
The XWiki Platform is susceptible to a remote code execution vulnerability due to improper handling of user input in the user registration feature. This vulnerability allows attackers to inject malicious payloads via the 'first name' or 'last name' fields during the registration process. The risk is significant for installations that permit guest user registrations, as an attacker could potentially execute arbitrary code on the server. This vulnerability has been addressed in the subsequent releases: XWiki 14.10.17, 15.5.3, and 15.8 RC1, urging users to update their installations to mitigate security risks.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
xwiki-platform >= 2.2, < 14.10.17 < 2.2, 14.10.17
xwiki-platform >= 15.0-rc-1, < 15.5.3 < 15.0-rc-1, 15.5.3
xwiki-platform >= 15.6-rc-1, < 15.8-rc-1 < 15.6-rc-1, 15.8-rc-1
References
EPSS Score
92% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved