cbcvebase.
CVE-2024-21855
published 2024-11-21

CVE-2024-21855: A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command…

PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.04%
78.7th percentile
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Affected

4 ranges
VendorProductVersion rangeFixed in
gocastgocast
linuxlinux_kernel>= 0 < 5.15.0-164.1745.15.0-164.174
linuxlinux_kernel>= 0 < 5.4.0-224.2445.4.0-224.244
mayuresh82gocast

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.