PT-2024-33116 · Unknown · Huly Platform

Bruno Menna · Published 2024-10-25 · Updated 2024-10-29 · CVE-2024-48450

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Huly Platform version 0.6.295
Description: The issue allows attackers to execute arbitrary code by uploading a crafted HTML file into a chat group, potentially leading to code execution.
Recommendations: For Huly Platform version 0.6.295, consider restricting the upload of HTML files into chat groups until a patch is available. As a temporary workaround, disabling the file upload feature in chat groups may help minimize the risk of exploitation.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-48450

Affected Products

Huly Platform