Yeti-Platform Yeti vulnerabilities
3 known vulnerabilities affecting yeti-platform/yeti.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 3
Vulnerabilities
CVE-2024-46507 | P2 | HIGH | CVSS 7.3 | CWE-94 | Exploited | PoC | ≥ 2.0, < 2.1.12 | 2026-05-08
An SSTI (server-side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server.
nvd
CVE-2024-46508 | P3 | HIGH | CVSS 7.5 | CWE-798 | ≥ 2.0, < 2.1.12 | 2026-05-08
yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET).
nvd
CVE-2024-45412 | P3 | HIGH | CVSS 7.5 | CWE-770 | fixed in 2.1.11 | 2024-09-10
Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial of service with attacks such as One Million Unicode paylo
nvd