How severe is CVE-2024-23692?

CVE-2024-23692 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2024-23692

Name: http_file_server
Author: rejetto

9.8CRITICAL

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary comma

Опубликовано: 5/31/2024Обновлено: 10/31/2025

Известная эксплуатируемая уязвимость CISA

Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request.

Требуемое действие:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Срок:

2024-07-30

Описание

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.

ИИ-АнализНа базе ИИ

Затронутые продукты

rejettohttp_file_server

Известная эксплуатируемая уязвимость CISA

Описание

ИИ-АнализНа базе ИИ

Затронутые продукты

Доступные эксплойты (1)

Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)

Ссылки