Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nZnFmLTl3OTgtN2pteM4AA5GB
Stimulsoft Dashboard.JS directory traversal vulnerability
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.
Permalink: https://github.com/advisories/GHSA-gfqf-9w98-7jmxJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nZnFmLTl3OTgtN2pteM4AA5GB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Identifiers: GHSA-gfqf-9w98-7jmx, CVE-2024-24398
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-24398
- https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R
- http://stimulsoft.com
- https://cves.at/posts/cve-2024-24398/writeup
- https://github.com/advisories/GHSA-gfqf-9w98-7jmx
Affected Packages
npm:stimulsoft-dashboards-js
Dependent packages: 0Dependent repositories: 2
Downloads: 3,687 last month
Affected Version Ranges: < 2024.1.3
Fixed in: 2024.1.3
All affected versions: 2019.2.1, 2019.2.2, 2019.2.3, 2019.3.1, 2019.3.2, 2019.3.3, 2019.3.4, 2019.3.5, 2019.3.6, 2019.3.7, 2019.4.1, 2019.4.2, 2020.1.1, 2020.2.1, 2020.2.2, 2020.2.3, 2020.3.1, 2020.3.2, 2020.4.1, 2020.4.2, 2020.5.1, 2020.5.2, 2021.1.1, 2021.1.2, 2021.2.1, 2021.2.2, 2021.2.3, 2021.2.4, 2021.3.1, 2021.3.2, 2021.3.3, 2021.3.4, 2021.3.5, 2021.3.6, 2021.3.7, 2021.4.1, 2021.4.2, 2021.4.3, 2021.4.4, 2022.1.1, 2022.1.2, 2022.1.3, 2022.1.4, 2022.1.5, 2022.1.6, 2022.2.1, 2022.2.3, 2022.2.4, 2022.2.5, 2022.2.6, 2022.3.1, 2022.3.2, 2022.3.3, 2022.3.4, 2022.3.5, 2022.4.1, 2022.4.2, 2022.4.3, 2022.4.4, 2022.4.5, 2023.1.1, 2023.1.2, 2023.1.3, 2023.1.4, 2023.1.5, 2023.1.6, 2023.1.7, 2023.1.8, 2023.2.1, 2023.2.2, 2023.2.3, 2023.2.4, 2023.2.5, 2023.2.6, 2023.2.7, 2023.2.8, 2023.3.1, 2023.3.2, 2023.3.3, 2023.3.4, 2023.4.1, 2023.4.2, 2023.4.3, 2023.4.4, 2024.1.1, 2024.1.2
All unaffected versions: 2024.1.3, 2024.1.4, 2024.2.1, 2024.2.2, 2024.2.3, 2024.2.4