CVE-2024-24842

CVSS 3.1 Score 8.7 of 10 (high)

Details

Published Mar 27, 2024
CWE ID 502

Summary

CVE-2024-24842 is a newly disclosed deserialization vulnerability that puts Echo Plugins' Knowledge Base for Documentation and FAQs with AI Assistance at risk. Affecting versions from n/a to 11.30.2, an attacker can exploit this vulnerability by deserializing untrusted data, potentially leading to code injection and unauthorized access. This issue poses a significant threat, as it can be exploited remotely and requires no user interaction. Organizations using the affected versions should apply the forthcoming patch as soon as possible to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share