CVE-2024-12138

Name of the Vulnerable Software and Affected Versions horilla versions up to 1.2.1

Description A critical vulnerability was found in horilla, affecting the function request new/get employee shift/create reimbursement/key result current value update/create meetings/create skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For versions up to 1.2.1, as a temporary workaround, consider disabling the request new/get employee shift/create reimbursement/key result current value update/create meetings/create skills function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.