PT-2024-38747 · Go Tribe · Gotribe-Admin
Zihe · Published 2024-08-20 · Updated 2024-08-22 · CVE-2024-8003
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Go-Tribe gotribe-admin version 1.0
Description:
A vulnerability was found in the Log Handler component of Go-Tribe gotribe-admin, affecting the function InitRoutes of the file internal/app/routes/routes.go. This issue leads to deserialization, potentially allowing code execution.
Recommendations:
Apply a patch with ID 45ac90d6d1f82716f77dbcdf8e7309c229080e3c to fix this issue. As a temporary workaround, consider disabling the InitRoutes function until the patch is applied. Restrict access to the Log Handler component to minimize the risk of exploitation.
Exploit
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Gotribe-Admin