Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-24683

Published: 19/03/2024 Updated: 19/03/2024

Vulnerability Summary

Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: prior to 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the user was not properly escaped. The variable not properly escaped is the "id", which is not directly accessible by users creating pipelines making the risk of exploiting this low. This issue only affects users using the Hop Server component and does not directly affect the client.

Mailing Lists

Full Disclosure: CVE-2024-24683: Apache Hop Engine: ID isn't escaped when generating HTML
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> CVE-2024-24683: Apache Hop Engine: ID isn't escaped when generating HTML <!--X-Subject-Header-End--> <!--X-Head-of-Message--> ...

References

https://lists.apache.org/thread/ts203zssv1n9qth1wdlhk2bhos3vcq6thttps://nvd.nist.govhttps://seclists.org/oss-sec/2024/q1/232
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook