PT-2024-35165 · Unknown · Common-User-Management

D3Sca · Published 2024-11-14 · Updated 2025-04-15 · CVE-2024-52302

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: common-user-management (affected versions not specified)

Description: The issue concerns a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture, which allows file uploads without proper validation or restrictions. This enables attackers to upload malicious files, potentially leading to Remote Code Execution (RCE).

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit · RCE · Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2024-52302
GHSA-RHCQ-44G3-5XCX

Affected Products

Common-User-Management