CVE-2024-53554 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 82%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
taigaio	taiga_front	𝑥 < 6.8.1	ADP

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

https://drive.google.com/file/d/1v2MLZn4Ro9TCpw-KtksUACYFIzsbuTkL/view?usp=sharing

https://gist.githubusercontent.com/Tommywarren/5ed67ab173ed60faeb791215d68e3fac/raw/352cb4259c0d41d70a206d108b5578c15824b2ff/CVE-2024-53554