PT-2024-7289 · Nginx · Nginx-Ui
0Xjacky · Published 2024-10-14 · Updated 2024-11-06
CVE-2024-49368 · CVSS v3.1: 10 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Nginx UI versions prior to 2.0.0-beta.36
Description:
The issue lies in Nginx UI's handling of the logrotate configuration: user-supplied input is passed to exec.Command without any validation, so a remote attacker can execute arbitrary commands on the host.
Recommendations:
If you run a version prior to 2.0.0-beta.36, update to version 2.0.0-beta.36 to secure your Nginx web server. As a temporary workaround, restrict access to the logrotate configuration to minimize the risk of exploitation.
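The fix shipped in 2.0.0-beta.36 is not reproduced here. As an added example that is not Nginx UI's own code, the following Go sketch shows the defensive pattern the description calls for: allowlist the executable, reject any argument containing shell metacharacters, and only then build the exec.Command from the validated parts. The allowlist paths and the function names ValidateLogrotateCommand and BuildCommand are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"path/filepath"
	"regexp"
	"strings"
)

// Constructed allowlist: the only executables a logrotate job may invoke.
var allowedBinaries = map[string]bool{
	"/usr/sbin/logrotate": true,
	"/usr/bin/logrotate":  true,
}

// Arguments are limited to plain path and option characters, so shell
// metacharacters (; | & $ and friends) can never reach a command line.
var safeArg = regexp.MustCompile(`^[A-Za-z0-9_./=-]+$`)

// ValidateLogrotateCommand splits a configured command string and returns
// the executable and its arguments, or an error if anything is off-policy.
func ValidateLogrotateCommand(cmd string) (string, []string, error) {
	fields := strings.Fields(cmd)
	if len(fields) == 0 {
		return "", nil, errors.New("empty command")
	}
	bin := filepath.Clean(fields[0])
	if !filepath.IsAbs(bin) || !allowedBinaries[bin] {
		return "", nil, fmt.Errorf("executable %q is not allowlisted", bin)
	}
	for _, a := range fields[1:] {
		if !safeArg.MatchString(a) {
			return "", nil, fmt.Errorf("argument %q contains disallowed characters", a)
		}
	}
	return bin, fields[1:], nil
}

// BuildCommand constructs the exec.Cmd from validated parts only; the raw
// string is never handed to a shell, so no "sh -c" interpretation occurs.
func BuildCommand(cmd string) (*exec.Cmd, error) {
	bin, args, err := ValidateLogrotateCommand(cmd)
	if err != nil {
		return nil, err
	}
	return exec.Command(bin, args...), nil
}
```

Tighten the allowlist and the argument pattern to your own deployment; the point is that the configured string is parsed and checked before anything is executed, not passed through as-is.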
Exploit
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Nginx-Ui