CVE-2024-31411 — Unrestricted File Upload in Apache Streampipes

CWE-434 — Unrestricted File Upload5 documents4 sources

Severity

8.8HIGHNVD

EPSS

1.8%

top 17.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Streampipes Apache Software Foundation Apache Streampipes

Timeline

PublishedJul 17

Description

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDapache/streampipes< 0.95.0

▶PyPIapache/streampipes< 0.95.0

▶CVEListV5apache_software_foundation/apache_streampipes0.93.0

🔴Vulnerability Details

OSV

Apache StreamPipes has potential remote code execution (RCE) via file upload↗2024-07-17

▶

OSV

CVE-2024-31411: Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes↗2024-07-17

▶

GHSA

Apache StreamPipes has potential remote code execution (RCE) via file upload↗2024-07-17

▶

CVEList

Apache StreamPipes: Potential remote code execution (RCE) via file upload↗2024-07-17

▶