CVE-2024-1961 – vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of …

16 April 2024

Vuln ID: CVE-2024-1961

Published: 2024-04-16 00:15:10.867

Description: vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vulnerability to write arbitrary files anywhere in the file system by manipulating the ‘artifact_path’ parameter. This flaw can lead to Remote Code Execution (RCE) by overwriting critical files, such as the application’s configuration file, especially when the application is run outside of Docker. The vulnerability is present in the NFSController.java and NFSService.java components of the application.

Base Score: –

Vector:

Source: NVD.NIST.GOV

Date:

16 April 2024

Categorie(s):

NVD

Tag(s):

NVD

London Drugs closes all of its pharmacies following ‘cybersecurity incident’29 April 2024
The Darkgate Menace: Leveraging Autohotkey & Attempt to Evade Smartscreen29 April 2024
What to know about AI at this year’s RSA Conference29 April 2024
Atos: French State Offers Non-Binding Intent to Acquire Cybersecurity and Computing Assets29 April 2024
Stop Managing Identities, Segment them Instead29 April 2024