Vulnerability Details CVE-2024-31411
Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes.
Such a dangerous type might be an executable file that may lead to a remote code execution (RCE).
The unrestricted upload is only possible for authenticated and authorized users.
This issue affects Apache StreamPipes: through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.1%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2024-31411
-
cpe:2.3:a:apache:streampipes:0.55.1
-
cpe:2.3:a:apache:streampipes:0.55.2
-
cpe:2.3:a:apache:streampipes:0.60.0
-
cpe:2.3:a:apache:streampipes:0.60.1
-
cpe:2.3:a:apache:streampipes:0.61.0
-
cpe:2.3:a:apache:streampipes:0.62.0
-
cpe:2.3:a:apache:streampipes:0.63.0
-
cpe:2.3:a:apache:streampipes:0.64.0
-
cpe:2.3:a:apache:streampipes:0.65.0
-
cpe:2.3:a:apache:streampipes:0.66.0
-
cpe:2.3:a:apache:streampipes:0.67.0
-
cpe:2.3:a:apache:streampipes:0.68.0
-
cpe:2.3:a:apache:streampipes:0.69.0
-
cpe:2.3:a:apache:streampipes:0.70.0
-
cpe:2.3:a:apache:streampipes:0.90.0
-
cpe:2.3:a:apache:streampipes:0.91.0
-
cpe:2.3:a:apache:streampipes:0.92.0
-
cpe:2.3:a:apache:streampipes:0.93.0