Free Trial

CVE-2024-7340 : WEAVE TRAVERSE UP TO 0.50.7 INPUT VALIDATION

Description

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.

References

https://research.jfrog.com/vulnerabilities/wandb-weave-server-remote-arbitrary-file-leak-jfsa-2024-001039248/

https://github.com/wandb/weave/pull/1657

For More Information

CVERecord

Common Vulnerabilityies and Exposures

CVE-2024-7340 : WEAVE TRAVERSE UP TO 0.50.7 INPUT VALIDATION
CVE-2024-7340 : WEAVE TRAVERSE UP TO 0.50.7 INPUT VALIDATION

Contact us to get started

CVE-2024-12840 : RED HAT SATELLITE HTTP PROXY SERVER-SIDE REQUEST FORGERY

CVE-2024-12840 : RED HAT SATELLITE HTTP PROXY SERVER-SIDE REQUEST FORGERY

Description A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with

Learn more
CVE-2024-51466 : IBM COGNOS ANALYTICS UP TO 11.2.4 FP4/12.0.4 EL EXPRESSION LANGUAGE INJECTION

CVE-2024-51466 : IBM COGNOS ANALYTICS UP TO 11.2.4 FP4/12.0.4 EL EXPRESSION LANGUAGE INJECTION

Description IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection

Learn more
CVE-2024-28767 : IBM SECURITY DIRECTORY INTEGRATOR UP TO 7.2.0.13/10.0.3 REQUEST OS COMMAND INJECTION

CVE-2024-28767 : IBM SECURITY DIRECTORY INTEGRATOR UP TO 7.2.0.13/10.0.3 REQUEST OS COMMAND INJECTION

Description IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute

Learn more