CVE-2024-31411
published 2024-07-17CVE-2024-31411: Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a…
PriorityP260high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.11%
61.7th percentile
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes.
Such a dangerous type might be an executable file that may lead to a remote code execution (RCE).
The unrestricted upload is only possible for authenticated and authorized users.
This issue affects Apache StreamPipes: through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | streampipes | < 0.95.0 | 0.95.0 |
| apache | streampipes | >= 0 < 0.95.0 | 0.95.0 |
| apache_software_foundation | apache_streampipes | <= 0.93.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Apache StreamPipes has potential remote code execution (RCE) via file upload
osv·2024-07-17
CVE-2024-31411 [HIGH] Apache StreamPipes has potential remote code execution (RCE) via file upload
Apache StreamPipes has potential remote code execution (RCE) via file upload
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes.
Such a dangerous type might be an executable file that may lead to a remote code execution (RCE).
The unrestricted upload is only possible for authenticated and authorized users.
This issue affects Apache StreamPipes: through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
OSV
CVE-2024-31411: Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes
osv·2024-07-17
CVE-2024-31411 CVE-2024-31411: Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes.
Such a dangerous type might be an executable file that may lead to a remote code execution (RCE).
The unrestricted upload is only possible for authenticated and authorized users.
This issue affects Apache StreamPipes: through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
GHSA
Apache StreamPipes has potential remote code execution (RCE) via file upload
ghsa·2024-07-17
CVE-2024-31411 [HIGH] CWE-434 Apache StreamPipes has potential remote code execution (RCE) via file upload
Apache StreamPipes has potential remote code execution (RCE) via file upload
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes.
Such a dangerous type might be an executable file that may lead to a remote code execution (RCE).
The unrestricted upload is only possible for authenticated and authorized users.
This issue affects Apache StreamPipes: through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-07-17
Published