CVE-2024-27292

EUVD-2024-0665
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
jhpyledocassemble
1.4.53 ≤
𝑥
< 1.4.97
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
jhpyledocassemble
1.4.53 ≤
𝑥
< 1.4.97
ADP
Common Weakness Enumeration
References
https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9
https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv
https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9
https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv