PT-2024-29528 · Adacore · Ada Web Services

Published: 2024-09-25 · Updated: 2024-09-26 · CVE-2024-41708

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: AdaCore ada web services version 20.0

Description: An issue was discovered that allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module. The function's output is insufficiently random for the security-sensitive values (such as session identifiers) it is used to produce, so an attacker who can predict or reproduce those values can impersonate other users' sessions.

Recommendations: For AdaCore ada web services version 20.0, consider disabling the Random_String() function in the src/core/aws-utils.adb module as a temporary workaround until a patch is available. Restrict access to the src/core/aws-utils.adb module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
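The check a defender would want here is whether a token generator is replayable from its seed: if re-seeding reproduces the same session-id stream, the effective entropy is the seed space, not the token length. The following is an added example written for this advisory, not code from Ada Web Services; the weak generator, the 32-character token length and the Unix-time-style seed value are all constructed for illustration and say nothing about how Random_String() is actually implemented.

```python
"""Session-token audit: seeded PRNG versus CSPRNG (added example, not AWS code)."""
import math
import random
import secrets
import string

# Token alphabet and length are assumptions made for this example.
ALPHABET = string.ascii_letters + string.digits
TOKEN_LEN = 32


def weak_token(rng: random.Random, length: int = TOKEN_LEN) -> str:
    """Constructed weak generator: draws from a seedable, non-cryptographic PRNG.
    It stands in for any random-string helper backed by such a generator and
    is NOT the Ada Web Services implementation."""
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_token(length: int = TOKEN_LEN) -> str:
    """Hardened form: every character comes from the OS CSPRNG via `secrets`."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int = TOKEN_LEN, alphabet: str = ALPHABET) -> float:
    """Nominal entropy if every character were uniformly random.
    A generator seeded from a small space never reaches this bound,
    however long the token is."""
    return length * math.log2(len(alphabet))


def seed_space_bits(seed_space: int) -> float:
    """Effective entropy when the generator is seeded from `seed_space` values."""
    return math.log2(seed_space)


def regenerates_same_stream(seed: int, count: int = 5) -> bool:
    """Audit check: does re-seeding reproduce the exact token sequence?
    True means the whole session-id stream is a function of the seed."""
    rng_a = random.Random(seed)
    rng_b = random.Random(seed)
    stream_a = [weak_token(rng_a) for _ in range(count)]
    stream_b = [weak_token(rng_b) for _ in range(count)]
    return stream_a == stream_b


def csprng_regenerates(count: int = 5) -> bool:
    """Same check against the hardened generator: there is no seed to replay,
    so two independent draws of the stream should never coincide."""
    stream_a = [strong_token() for _ in range(count)]
    stream_b = [strong_token() for _ in range(count)]
    return stream_a == stream_b


def all_unique(tokens) -> bool:
    """Basic collision audit over a batch of issued tokens."""
    return len(set(tokens)) == len(tokens)


if __name__ == "__main__":
    seed = 1_700_000_000  # constructed: a Unix-time-style seed with a small search space
    print("weak stream replays from its seed:", regenerates_same_stream(seed))
    print("CSPRNG stream replays:", csprng_regenerates())
    print(f"nominal entropy of a {TOKEN_LEN}-char token: {entropy_bits():.1f} bits")
    print(f"effective entropy with a 32-bit seed: {seed_space_bits(2**32):.0f} bits")
    print("strong tokens unique over 10k draws:", all_unique([strong_token() for _ in range(10_000)]))
```

The replay check is the one to run against any in-house session-id helper: a generator that passes it but relies on a clock or process id for its seed still has only as many distinct outputs as there are seed values, which is why the advisory's weakness class is "insufficiently random" rather than "too short".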

Weakness Enumeration: Use of Insufficiently Random Values (CWE-330)

Related Identifiers: CVE-2024-41708

Affected Products: Ada Web Services