CVE-2024-37759

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DataGear versions 5.0.0 and earlier

Description A SpEL (Spring Expression Language) expression injection issue was found in the Data Viewing interface. This allows for potential malicious activity via the injection of expressions.

Recommendations For versions 5.0.0 and earlier, consider restricting access to the Data Viewing interface until a fix is available. As a temporary workaround, disabling the use of SpEL expressions in this interface may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

CVE-2024-37759

Affected Products

Datagear

CVE-2024-37759

Weakness Enumeration

Related Identifiers

Affected Products

References · 7