CVE-2024-29435

EUVD-2024-26441
An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.1 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CISA-ADPADP
4.1 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
alldataalldata
0.4.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/Raybye/ea3a46adc5ea51e659c42218f05153fa
https://gist.github.com/Raybye/ea3a46adc5ea51e659c42218f05153fa