CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-46507

A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.0%

CVSS Severity

CVSS v3 Score 7.3

References

https://rhinosecuritylabs.com/research/cve-2024-46507-yeti-server-side-template-injection-ssti/

Products affected by CVE-2024-46507

Yeti-Platform » Yeti » Version: 2.0

cpe:2.3:a:yeti-platform:yeti:2.0
Yeti-Platform » Yeti » Version: 2.0.1

cpe:2.3:a:yeti-platform:yeti:2.0.1
Yeti-Platform » Yeti » Version: 2.0.2

cpe:2.3:a:yeti-platform:yeti:2.0.2
Yeti-Platform » Yeti » Version: 2.0.3

cpe:2.3:a:yeti-platform:yeti:2.0.3
Yeti-Platform » Yeti » Version: 2.0.4

cpe:2.3:a:yeti-platform:yeti:2.0.4
Yeti-Platform » Yeti » Version: 2.0.5

cpe:2.3:a:yeti-platform:yeti:2.0.5
Yeti-Platform » Yeti » Version: 2.1.0

cpe:2.3:a:yeti-platform:yeti:2.1.0
Yeti-Platform » Yeti » Version: 2.1.1

cpe:2.3:a:yeti-platform:yeti:2.1.1
Yeti-Platform » Yeti » Version: 2.1.10

cpe:2.3:a:yeti-platform:yeti:2.1.10
Yeti-Platform » Yeti » Version: 2.1.11

cpe:2.3:a:yeti-platform:yeti:2.1.11
Yeti-Platform » Yeti » Version: 2.1.2

cpe:2.3:a:yeti-platform:yeti:2.1.2
Yeti-Platform » Yeti » Version: 2.1.3

cpe:2.3:a:yeti-platform:yeti:2.1.3
Yeti-Platform » Yeti » Version: 2.1.4

cpe:2.3:a:yeti-platform:yeti:2.1.4
Yeti-Platform » Yeti » Version: 2.1.5

cpe:2.3:a:yeti-platform:yeti:2.1.5
Yeti-Platform » Yeti » Version: 2.1.6

cpe:2.3:a:yeti-platform:yeti:2.1.6
Yeti-Platform » Yeti » Version: 2.1.7

cpe:2.3:a:yeti-platform:yeti:2.1.7
Yeti-Platform » Yeti » Version: 2.1.8

cpe:2.3:a:yeti-platform:yeti:2.1.8
Yeti-Platform » Yeti » Version: 2.1.9

cpe:2.3:a:yeti-platform:yeti:2.1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-46507

Products

Pricing

Contact Us