master-nan Sweet-CMS har 5f441e022b8876f07cde709c77b5be6d2f262e3f middleware/log.go LogHandler kura hakki ndiyam

Hakika vulnerability da aka rarraba a matsayin karshewa an gano a master-nan Sweet-CMS har 5f441e022b8876f07cde709c77b5be6d2f262e3f. Tabbas, aikin LogHandler ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil middleware/log.go, a cikin sashi $software_component. Wuro manipulation ga kura hakki ndiyam. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-117. Lalle, rauni an sanar da shi 08/30/2024. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2024-8334. Ngam yiɗi ka a tuma ndiyam ka nder internet. Bayani na fasaha ga. Babu wani exploit da ake da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á yí a wondi feere. 0-day ga, an ndiyam a wuro be $0-$5k. Ana amfani da rolling release a wannan kayi domin ci gaba da isar da sabuntawa. Saboda haka, babu bayanan sigar da abin ya shafa ko sabunta sigar da ake da su. Patch ɗin an san shi da 2024c370e6c78b07b358c9d4257fa5d1be732c38. Gyaran matsalar yana nan a shirye don saukewa a github.com. Ya kamata a yi amfani da patch don magance wannan matsala. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

4 Goyarwa · 88 Datenpunkte

FurɗeSúgá
08/30/2024 07:42		Gargadi 1/3
08/31/2024 15:10		Gargadi 2/3
09/04/2024 04:38		Gargadi 3/3
09/20/2024 01:59
cvss3_vuldb_aNNNN
cvss3_vuldb_rlOOOO
cvss3_vuldb_rcCCCC
advisory_urlhttps://github.com/master-nan/sweet-cms/issues/3https://github.com/master-nan/sweet-cms/issues/3https://github.com/master-nan/sweet-cms/issues/3https://github.com/master-nan/sweet-cms/issues/3
advisory_confirm_urlhttps://github.com/master-nan/sweet-cms/issues/3#issuecomment-2314447003https://github.com/master-nan/sweet-cms/issues/3#issuecomment-2314447003https://github.com/master-nan/sweet-cms/issues/3#issuecomment-2314447003https://github.com/master-nan/sweet-cms/issues/3#issuecomment-2314447003
countermeasure_nameKariKariKariKari
patch_name2024c370e6c78b07b358c9d4257fa5d1be732c382024c370e6c78b07b358c9d4257fa5d1be732c382024c370e6c78b07b358c9d4257fa5d1be732c382024c370e6c78b07b358c9d4257fa5d1be732c38
countermeasure_patch_urlhttps://github.com/master-nan/sweet-cms/commit/2024c370e6c78b07b358c9d4257fa5d1be732c38https://github.com/master-nan/sweet-cms/commit/2024c370e6c78b07b358c9d4257fa5d1be732c38https://github.com/master-nan/sweet-cms/commit/2024c370e6c78b07b358c9d4257fa5d1be732c38https://github.com/master-nan/sweet-cms/commit/2024c370e6c78b07b358c9d4257fa5d1be732c38
source_cveCVE-2024-8334CVE-2024-8334CVE-2024-8334CVE-2024-8334
cna_responsibleVulDBVulDBVulDBVulDB
software_typeContent Management SystemContent Management SystemContent Management SystemContent Management System
cvss2_vuldb_avNNNN
cvss2_vuldb_acLLLL
cvss2_vuldb_ciNNNN
cvss2_vuldb_iiPPPP
cvss2_vuldb_aiNNNN
cvss2_vuldb_rcCCCC
cvss2_vuldb_rlOFOFOFOF
cvss4_vuldb_avNNNN
cvss4_vuldb_acLLLL
cvss4_vuldb_uiNNNN
cvss4_vuldb_vcNNNN
cvss4_vuldb_viLLLL
cvss4_vuldb_vaNNNN
cvss2_vuldb_auSSSS
cvss2_vuldb_eNDNDNDND
cvss3_vuldb_prLLLL
cvss3_vuldb_eXXXX
cvss4_vuldb_atNNNN
cvss4_vuldb_prLLLL
cvss4_vuldb_scNNNN
cvss4_vuldb_siNNNN
cvss4_vuldb_saNNNN
cvss4_vuldb_eXXXX
cvss2_vuldb_basescore4.04.04.04.0
cvss2_vuldb_tempscore3.53.53.53.5
cvss3_vuldb_basescore4.34.34.34.3
cvss3_vuldb_tempscore4.14.14.14.1
cvss3_meta_basescore4.34.34.35.6
cvss3_meta_tempscore4.14.24.25.5
cvss4_vuldb_bscore5.35.35.35.3
cvss4_vuldb_btscore5.35.35.35.3
advisory_date1724968800 (08/30/2024)1724968800 (08/30/2024)1724968800 (08/30/2024)1724968800 (08/30/2024)
price_0day$0-$5k$0-$5k$0-$5k$0-$5k
software_vendormaster-nanmaster-nanmaster-nanmaster-nan
software_nameSweet-CMSSweet-CMSSweet-CMSSweet-CMS
software_version<=5f441e022b8876f07cde709c77b5be6d2f262e3f<=5f441e022b8876f07cde709c77b5be6d2f262e3f<=5f441e022b8876f07cde709c77b5be6d2f262e3f<=5f441e022b8876f07cde709c77b5be6d2f262e3f
software_rollingrelease1111
software_filemiddleware/log.gomiddleware/log.gomiddleware/log.gomiddleware/log.go
software_functionLogHandlerLogHandlerLogHandlerLogHandler
vulnerability_cweCWE-117 (kura hakki ndiyam)CWE-117 (kura hakki ndiyam)CWE-117 (kura hakki ndiyam)CWE-117 (kura hakki ndiyam)
vulnerability_risk1111
cvss3_vuldb_avNNNN
cvss3_vuldb_acLLLL
cvss3_vuldb_uiNNNN
cvss3_vuldb_sUUUU
cvss3_vuldb_cNNNN
cvss3_vuldb_iLLLL
cve_nvd_summaryA vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been rated as problematic. This issue affects the function LogHandler of the file middleware/log.go. The manipulation leads to improper output neutralization for logs. The attack may be initiated remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 2024c370e6c78b07b358c9d4257fa5d1be732c38. It is recommended to apply a patch to fix this issue.A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been rated as problematic. This issue affects the function LogHandler of the file middleware/log.go. The manipulation leads to improper output neutralization for logs. The attack may be initiated remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 2024c370e6c78b07b358c9d4257fa5d1be732c38. It is recommended to apply a patch to fix this issue.A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been rated as problematic. This issue affects the function LogHandler of the file middleware/log.go. The manipulation leads to improper output neutralization for logs. The attack may be initiated remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 2024c370e6c78b07b358c9d4257fa5d1be732c38. It is recommended to apply a patch to fix this issue.
cvss3_cna_avNNN
cvss3_cna_acLLL
cvss3_cna_prLLL
cvss3_cna_uiNNN
cvss3_cna_sUUU
cvss3_cna_cNNN
cvss3_cna_iLLL
cvss3_cna_aNNN
cvss3_cna_basescore4.34.34.3
cvss2_cna_avNNN
cvss2_cna_acLLL
cvss2_cna_auSSS
cvss2_cna_ciNNN
cvss2_cna_iiPPP
cvss2_cna_aiNNN
cvss2_cna_basescore444
cve_nvd_summaryesSe encontró una vulnerabilidad en master-nan Sweet-CMS hasta 5f441e022b8876f07cde709c77b5be6d2f262e3f. Se ha calificado como problemática. Este problema afecta a la función LogHandler del archivo middleware/log.go. La manipulación conduce a una neutralización incorrecta de la salida de los registros. El ataque puede iniciarse de forma remota. Este producto adopta el enfoque de lanzamientos continuos para proporcionar una entrega continua. Por lo tanto, los detalles de la versión para los lanzamientos afectados y actualizados no están disponibles. El identificador del parche es 2024c370e6c78b07b358c9d4257fa5d1be732c38. Se recomienda aplicar un parche para solucionar este problema.Se encontró una vulnerabilidad en master-nan Sweet-CMS hasta 5f441e022b8876f07cde709c77b5be6d2f262e3f. Se ha calificado como problemática. Este problema afecta a la función LogHandler del archivo middleware/log.go. La manipulación conduce a una neutralización incorrecta de la salida de los registros. El ataque puede iniciarse de forma remota. Este producto adopta el enfoque de lanzamientos continuos para proporcionar una entrega continua. Por lo tanto, los detalles de la versión para los lanzamientos afectados y actualizados no están disponibles. El identificador del parche es 2024c370e6c78b07b358c9d4257fa5d1be732c38. Se recomienda aplicar un parche para solucionar este problema.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aN
cvss3_nvd_basescore8.1

GurɗoGumtiGada

Do you need the next level of professionalism?

Upgrade your account now!