CVE-2024-29224

Name of the Vulnerable Software and Affected Versions GoCast version 1.1.3

Description An OS command injection issue exists in the NAT parameter of GoCast. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this issue.

Recommendations For GoCast version 1.1.3, consider restricting access to the NAT parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the NAT parameter in HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.