CVE-2024-48448

Name of the Vulnerable Software and Affected Versions Huly Platform version 0.6.295

Description The issue allows attackers to execute arbitrary code by uploading a crafted HTML file into the tracker comments page, potentially leading to code execution.

Recommendations For Huly Platform version 0.6.295, consider restricting access to the file upload feature in the tracker comments page until a patch is available. As a temporary workaround, avoid using the file upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.