PT-2024-20648 · Openeuler · Openeuler Migration-Tools
Published 2024-03-15 · Updated 2024-03-28 · CVE-2024-24892
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
openEuler migration-tools versions 1.0.0 through 1.0.1
Description
openEuler migration-tools on Linux contains two weaknesses: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') and Improper Privilege Management. Together they allow Command Injection and Restful Privilege Elevation. The vulnerability is associated with program files in migration-tools, specifically the index.py file.
Recommendations
For versions 1.0.0 through 1.0.1, update immediately to a newer version to mitigate the risk of exploitation.
As a temporary workaround, consider restricting access to the migration service until a patch is available.
Fix
Improper Privilege Management
OS Command Injection
Related Identifiers
Affected Products
Openeuler Migration-Tools