How severe is CVE-2024-23692?

CVE-2024-23692 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2024-23692

Name: http_file_server
Author: rejetto

9.8CRITICAL

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary comma

Published: 5/31/2024Updated: 10/31/2025

CISA Known Exploited Vulnerability

Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request.

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date:

2024-07-30

Description

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.

AI AnalysisPowered by AI

Affected Products

rejettohttp_file_server

CISA Known Exploited Vulnerability

Description

AI AnalysisPowered by AI

Affected Products

Available Exploits (1)

Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)

References