CVE-2024-0357

Name of the Vulnerable Software and Affected Versions coderd-repos Eva version 1.0.0

Description A critical issue was found in the HTTP POST Request Handler component, specifically affecting some unknown functionality of the file /system/traceLog/page. The manipulation of the property argument leads to SQL injection. The issue has been publicly disclosed and may be exploited.

Recommendations For coderd-repos Eva version 1.0.0, consider restricting access to the /system/traceLog/page file to minimize the risk of SQL injection exploitation. As a temporary workaround, avoid using the property argument in the affected HTTP POST Request Handler until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.