
Rk100

#26108 of 53,624
9.8 Total CVSS
Vulnerabilities · 1
PT-2021-24037
9.8
2021-11-22
Wazuh · Wazuh · CVE-2021-44079
Name of the Vulnerable Software and Affected Versions:
Wazuh versions 4.2.x through 4.2.4
Wazuh versions prior to 4.2.5

Description:
The issue arises from the wazuh-slack active response script, where untrusted user agents are passed to a curl command line. This could potentially result in remote code execution.

Recommendations:
For Wazuh versions 4.2.x through 4.2.4, update to version 4.2.5 or later.
For Wazuh versions prior to 4.2.5, update to version 4.2.5 or later.
As a temporary workaround, consider restricting access to the wazuh-slack active response script until a patch is available.