Dangerous File Upload Vulnerability in Apache StreamPipes Could Lead to Remote Code Execution

CVE-2024-31411

8.8HIGH

Key Information

Vendor: Apache
Status: Apache Streampipes
Vendor: CVE Published:; 17 July 2024

Summary

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Affected Version(s)

Apache StreamPipes <= 0.93.0

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 17, 2024
Vulnerability Reserved.
Apr 3, 2024

Collectors

NVD DatabaseMitre Database

Credit

L0ne1y