CVE-2024-5355

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published May 26, 2024

Updated: Jun 4, 2024

CWE ID 77

Summary

CVE-2024-5355 is a critical vulnerability affecting anji-plus AJ-Report versions up to 1.4.1. The issue lies within the IGroovyHandler function, which allows for command injection. An attacker can exploit this vulnerability remotely, making it a significant threat. The exploit has been made public, increasing the risk of active exploitation. The vulnerability also holds the identifier VDB-266267 in the Vulnerability Database.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wGsmXP
https://www.cve.org/CVERecord?id=CVE-2024-5355
https://nvd.nist.gov/vuln/detail/CVE-2024-5355

Back to Vulnerability Database

CVE-2024-5355

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations