CVE-2024-23838

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 30, 2024

Updated: Feb 8, 2024

CWE ID 918

Summary

CVE-2024-23838 is a vulnerability affecting TrueLayer.NET, the .Net client for TrueLayer. Malicious actors could exploit this issue to manipulate the destination URL of the HttpClient used in the API classes, potentially leading to information disclosure by making unintended requests to local networks or the internet. To mitigate this risk, it's recommended to implement strict egress rules and validate user input passed to the `truelayer-dotnet` library. The issue does not affect TrueLayer.Client versions `v1.6.0` and later.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Truelayer Limited

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uPt2f2
https://www.cve.org/CVERecord?id=CVE-2024-23838
https://nvd.nist.gov/vuln/detail/CVE-2024-23838

Back to Vulnerability Database

CVE-2024-23838

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations