PT-2025-5875 · Unknown · Goldpankit Eva-Server

Rre1Axo · Published 2025-02-06 · Updated 2025-02-06 · CVE-2024-54909

CVSS v3.1: 8.1 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: GoldPanKit eva-server version 4.1.0

Description: A vulnerability has been identified that affects the path parameter of the "/api/resource/local/download" endpoint. Manipulation of this path parameter can lead to arbitrary file download.

Recommendations: For GoldPanKit eva-server version 4.1.0, consider restricting access to the "/api/resource/local/download" endpoint until a patch is available. As a temporary workaround, avoid using the path parameter in this endpoint to minimize the risk of exploitation.

Fix · Path traversal · Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2024-54909

Affected Products: Goldpankit Eva-Server