CVE-2024-23054

Published: Feb 5, 2024Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).

Affected (1)

Products: Plone: Plone Docker Official Image

Plone

1 product

Plone Docker Official Image

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Plone Plone Docker Official Image	Version 5.2.13

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (6)

http://plone.com

Source: cve@mitre.org

Not Applicable

http://ploneorg.com

Source: cve@mitre.org

Product

https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-23054/README.md

Source: cve@mitre.org

ExploitThird Party Advisory

http://plone.com

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://ploneorg.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-23054/README.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.