PT-2024-8536 · Unknown+7 · Modules::Scandeps+7

Mark Esler +3

Published: 2024-11-19 · Updated: 2025-12-23

CVE-2024-10224

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Modules::ScanDeps versions prior to 1.36

Description

The Modules::ScanDeps library does not properly sanitize input, which can allow an attacker to execute arbitrary shell commands. A local attacker could exploit this by passing unsanitized input to the library, potentially allowing them to run commands as root.

Recommendations

For versions prior to 1.36, update to version 1.36 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Modules::ScanDeps library until a patch is applied. Avoid passing unsanitized input to the library to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

ALSA-2025:7350
AZL-53394
AZL-53397
BDU:2024-10103
CVE-2024-10224
DLA-3958-1
DSA-5816-1
GHSA-G597-359Q-V529
INFSA-2025_7350
OESA-2024-2496
OPENSUSE-SU-2025:14635-1
RHSA-2025:7350
RHSA-2025_7350
USN-7117-1
USN-7117-2
USN-7117-3

Affected Products

Almalinux
Astra Linux
Linuxmint
Modules::Scandeps
Red Hat
Red Os
Rocky Linux
Ubuntu