CVE-2024-32651

Published: 26/04/2024 Updated: 26/04/2024

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).

Check Point Reference: CPAI-2024-0378 Date Published: 6 Jun 2024 Severity: Critical ...

changedetection versions 04520 and below suffer from a remote code execution vulnerability ...

changedetection rce though ssti

cve-2024-32651 changedetection rce though ssti

https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3 https://github.com/dgtlmoon/changedetection.io/releases/tag/0.45.21 https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2 https://nvd.nist.gov https://github.com/zcrosman/cve-2024-32651 https://packetstormsecurity.com/files/178878/changedetection-0.45.20-Remote-Code-Execution.html https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2024-0378.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-32651

Vulnerability Summary

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect