Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for June 20-21, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between June 20-21, 2024.
During this period, the National Vulnerability Database published 167 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 5
High: 26
Medium: 39
Low: 3
Severity Not Assigned: 94

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-5182
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter.
References: https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e
https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-6100
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
References: https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html
https://issues.chromium.org/issues/344608204

CWE-ID: CWE-843
Common Platform Enumerations (CPE): cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*


3. CVE-2024-6101
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
References: https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html
https://issues.chromium.org/issues/343748812

CWE-ID: NVD-CWE-noinfo
Common Platform Enumerations (CPE): cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*


4. CVE-2024-6102
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References: https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html
https://issues.chromium.org/issues/339169163

CWE-ID: CWE-787
Common Platform Enumerations (CPE): cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*


5. CVE-2024-6103
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References: https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html
https://issues.chromium.org/issues/344639860

CWE-ID: CWE-416
Common Platform Enumerations (CPE): cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*


6. CVE-2024-3561
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://en-gb.wordpress.org/plugins/custom-field-suite/
https://github.com/mgibbs189/custom-field-suite/blob/963dfcede18ff4ad697498556d9058db07d74fa3/includes/fields/term.php#L58
https://mgibbs189.github.io/custom-field-suite/field-types/term.html
https://www.wordfence.com/threat-intel/vulnerabilities/id/afc00118-e87e-475a-8ad6-b68d09ee2e44?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-3562
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval() function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code on the server.
References: https://github.com/mgibbs189/custom-field-suite/blob/963dfcede18ff4ad697498556d9058db07d74fa3/includes/fields/loop.php#L192
https://github.com/mgibbs189/custom-field-suite/blob/963dfcede18ff4ad697498556d9058db07d74fa3/includes/fields/loop.php#L224
https://mgibbs189.github.io/custom-field-suite/field-types/loop.html
https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd7b788-03a0-41a4-96f2-cfca74ef281b?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-3597
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rc_exported_zip_file parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
References: https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/class-export-wp-page-to-static-html-admin.php#L1289
https://www.wordfence.com/threat-intel/vulnerabilities/id/598e2c2e-7dd5-435e-a366-6c7569243f2a?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-3605
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://wordpress.org/plugins/wp-hotel-booking/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5931ad4e-7de3-41ac-b783-f7e58aaef569?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-4742
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/functions/youzify-account-verification-functions.php#L294
https://www.wordfence.com/threat-intel/vulnerabilities/id/08bd24ca-eec6-4b62-af49-192496e65a5b?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-5432
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
References: https://plugins.trac.wordpress.org/browser/lifeline-donation/trunk/includes/class-lifeline-donation.php?rev=2575844#L292
https://plugins.trac.wordpress.org/browser/lifeline-donation/trunk/vendor/webinane/webinane-commerce/includes/Classes/Checkout.php?rev=2490935#L125
https://www.wordfence.com/threat-intel/vulnerabilities/id/2e24da0c-13d2-4a3d-b918-0d28e3341d88?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-5605
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-shortcode-support.php#L2783
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3098232%40media-library-assistant&new=3098232%40media-library-assistant&sfp_email=&sfph_mail=
https://wordpress.org/plugins/media-library-assistant/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/3ba8a9f5-0633-4cf0-af27-5466d93e9020?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-6113
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in itsourcecode Monbela Tourist Inn Online Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The identifier VDB-268865 was assigned to this vulnerability.
References: https://github.com/wangyuan-ui/CVE/issues/3
https://vuldb.com/?ctiid.268865
https://vuldb.com/?id.268865
https://vuldb.com/?submit.358991

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

14. CVE-2023-25646
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 0.5
Impact Score: 6.0
Description: There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking, attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.
References: https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844

CWE-ID: CWE-281
Common Platform Enumerations (CPE): Not Found

15. CVE-2024-4098
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
References: https://plugins.trac.wordpress.org/browser/shariff/trunk/shariff.php#L410
https://plugins.trac.wordpress.org/changeset/3103137
https://www.wordfence.com/threat-intel/vulnerabilities/id/f49fba00-c576-4a1a-8b0b-9ebed3e3d090?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

16. CVE-2024-37532
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/294721
https://www.ibm.com/support/pages/node/7158031

CWE-ID: CWE-347
Common Platform Enumerations (CPE): Not Found

17. CVE-2024-6189
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda A301 15.13.08.12. It has been classified as critical. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://military-hail-377.notion.site/Tenda-A301V2-0-stack-overflow-c95f23f03b2b4eb5b8ffd3912e9982fd
https://vuldb.com/?ctiid.269160
https://vuldb.com/?id.269160
https://vuldb.com/?submit.355264

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

18. CVE-2024-37222
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS. This issue affects Master Slider: from n/a through 3.9.10.
References: https://patchstack.com/database/vulnerability/master-slider/wordpress-master-slider-plugin-3-9-10-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

19. CVE-2024-6162
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of service.
References: https://access.redhat.com/security/cve/CVE-2024-6162
https://bugzilla.redhat.com/show_bug.cgi?id=2293069

CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found

20. CVE-2024-6190
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in itsourcecode Farm Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-269162 is the identifier assigned to this vulnerability.
References: https://github.com/HryspaHodor/CVE/issues/2
https://vuldb.com/?ctiid.269162
https://vuldb.com/?id.269162
https://vuldb.com/?submit.359008

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

21. CVE-2024-6191
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical has been found in itsourcecode Student Management System 1.0. This affects an unknown part of the file login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269163.
References: https://github.com/HryspaHodor/CVE/issues/3
https://vuldb.com/?ctiid.269163
https://vuldb.com/?id.269163
https://vuldb.com/?submit.359009

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

22. CVE-2024-6192
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. This vulnerability affects unknown code of the file login.php of the component Login Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269164.
References: https://github.com/HryspaHodor/CVE/issues/4
https://vuldb.com/?ctiid.269164
https://vuldb.com/?id.269164
https://vuldb.com/?submit.359017

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

23. CVE-2024-6193
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. This issue affects some unknown processing of the file driverprofile.php. The manipulation of the argument driverid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269165 was assigned to this vulnerability.
References: https://github.com/HryspaHodor/CVE/issues/5
https://vuldb.com/?ctiid.269165
https://vuldb.com/?id.269165
https://vuldb.com/?submit.359018

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

24. CVE-2024-6196
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in itsourcecode Banking Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269168.
References: https://github.com/2768210355/cve/issues/1
https://vuldb.com/?ctiid.269168
https://vuldb.com/?id.269168
https://vuldb.com/?submit.359126

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

25. CVE-2024-6147
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the Spokes Update Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18271.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-802/

CWE-ID: CWE-59
Common Platform Enumerations (CPE): Not Found

26. CVE-2024-6153
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.

The specific flaw exists within the Updater service. The issue results from the lack of proper validation of version information before performing an update. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-19481.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-803/

CWE-ID: CWE-693
Common Platform Enumerations (CPE): Not Found

27. CVE-2024-6154
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.5
Impact Score: 6.0
Description: Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.

The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-20450.
References: https://www.zerodayinitiative.com/advisories/ZDI-24-804/

CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found

28. CVE-2024-5746
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required authenticated access to GitHub Enterprise Server as a user with the Site Administrator role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.12.5, 3.11.11, 3.10.13, and 3.9.16. This vulnerability was reported via the GitHub Bug Bounty program.
References: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.13
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.11
https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.5
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.16

CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found

29. CVE-2024-32943
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03

CWE-ID: CWE-799
Common Platform Enumerations (CPE): Not Found

30. CVE-2024-35246
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03

CWE-ID: CWE-799
Common Platform Enumerations (CPE): Not Found

31. CVE-2024-37899
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger("attacker").error("Hello from Groovy!"){{/groovy}}`.
As an admin, go to the user profile and click the "Disable this account" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References: https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93
https://jira.xwiki.org/browse/XWIKI-21611

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
