PT-2024-22632 · Gocast+1

Edwin Molenaar +1 · Published 2024-11-21 · Updated 2025-01-10 · CVE-2024-28892

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GoCast version 1.1.3

Description

An OS command injection issue exists in the name parameter of GoCast, allowing arbitrary command execution via a specially crafted HTTP request. This can be triggered by an unauthenticated HTTP request.

Recommendations

For GoCast version 1.1.3, consider restricting access to the name parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2024-28892
GHSA-5QWW-56GC-F66C
GO-2024-3359
OPENSUSE-SU-2025:14624-1
OPENSUSE-SU-2025_0060-1
SUSE-SU-2025:0060-1

Affected Products

Gocast
Suse