File Name or Extension of Externally-Supplied File Vulnerabilities
CVE-2024-38432

9.8CRITICAL

Key Information:

Vendor: Matrix
Status: Tafnit V8
Vendor: CVE Published:; 30 July 2024

What is CVE-2024-38432?

A file injection vulnerability exists in Matrix Tafnit, specifically in version 8. This vulnerability arises from an over-reliance on the file name or extension of externally-supplied files. When malicious files are uploaded with misleading file names or extensions, the application may process them without the necessary validation, potentially leading to unauthorized actions or exposure of sensitive information. Organizations utilizing Matrix Tafnit are advised to review their file handling procedures and implement strict validation to mitigate the associated risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Tafnit v8 All versions < 8.4.202

References

https://www.gov.il/en/Departments/faq/cve_advisories

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 30, 2024
Vulnerability Reserved
Jun 16, 2024

Credit

Gad Abuhatziera, Nimrod Bickels, Itay Cherdman - Sophtix Security LTD

JSON

Matrix

What is CVE-2024-38432?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.