CVE-2023-38894

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Aug 16, 2023
Updated: Aug 24, 2023
CWE ID: 1321

Summary

CVE-2023-38894 is a prototype pollution vulnerability affecting Cronvel Tree-kit version 0.7.4 and earlier. This issue enables a remote attacker to exploit the extend function, resulting in arbitrary code execution. The vulnerability arises from the lack of proper input validation, allowing an attacker to inject malicious data and manipulate the prototype chain. This can lead to significant security risks, including unauthorized access, data theft, and system compromise. It's crucial for users to update their Cronvel Tree-kit installation as soon as possible to mitigate this risk.
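
Added example (not Tree-kit's code and not part of the original advisory): a generic recursive merge that shows the bug class described above, next to a hardened version that drops prototype-related keys. The function names, the `polluted` marker and the sample input are assumptions made for illustration.

```javascript
// Illustrative only: generic merge helpers, not the Tree-kit implementation.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Unvalidated recursive merge: it walks into target['__proto__'], which is
// Object.prototype, so keys from untrusted input land on every object.
function naiveExtend(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      naiveExtend(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: own keys only, prototype-related keys dropped, and
// recursion only into objects the target itself owns.
function safeExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const owned = Object.prototype.hasOwnProperty.call(target, key);
      if (!owned || !isPlainObject(target[key])) target[key] = {};
      safeExtend(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample input, shaped like a JSON request body after JSON.parse.
function demo() {
  const untrusted = JSON.parse('{"__proto__": {"polluted": true}, "name": "x"}');
  const merged = safeExtend({}, untrusted);
  const safeLeak = ({}).polluted === true;   // hardened merge: no leak
  naiveExtend({}, untrusted);
  const naiveLeak = ({}).polluted === true;  // naive merge: global leak
  delete Object.prototype.polluted;          // restore global state after the demo
  return { name: merged.name, safeLeak, naiveLeak };
}
```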
