CVE-2024-29643

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions croogo version 3.0.2

Description The issue allows an attacker to perform Host header injection via the feed.rss component.

Recommendations For croogo version 3.0.2, consider disabling the feed.rss component until a patch is available. Restrict access to this component to minimize the risk of exploitation.

Exploit

Fix

Special Elements Injection

HTTP Request/Response Smuggling

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-444

Related Identifiers

CVE-2024-29643

GHSA-847X-X4JG-6GF4

Affected Products

Croogo

CVE-2024-29643

Weakness Enumeration

Related Identifiers

Affected Products

References · 8