rubygems / RubySec / RUBY:SEQUENCESERVER-2024-42360
Aug 12, 2024 - 9:00 p.m.

Command Injection in sequenceserver gem

2024-08-12 21:00:00
RubySec
github.com
command injection
http endpoints
user input
query parameters
shell commands
sequenceserver gem
security patch

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7
Confidence: High

Impact

Several HTTP endpoints did not properly sanitize user input
and/or query parameters. This could be exploited to inject
and run unwanted shell commands.

Patches

Fixed in 3.1.2

Workarounds

No known workarounds

Affected configurations

Vulners

Node: ruby sequenceserver
Range: 3.1.2

Vendor  Product         Version  CPE
ruby    sequenceserver  *        cpe:2.3:a:ruby:sequenceserver:*:*:*:*:*:*:*:*
