CVE-2024-42166

Name of the Vulnerable Software and Affected Versions FIWARE Keyrock versions <= 8.4

Description The function generate app certificates in lib/app certificates.js does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name.

Recommendations For FIWARE Keyrock versions <= 8.4, as a temporary workaround, consider disabling the generate app certificates function until a patch is available. Restrict access to the lib/app certificates.js module to minimize the risk of exploitation. Avoid using the function generate app certificates to create applications with potentially malicious names until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.