CVSS 3.1 Score 10.0 of 10 (high)


Published Feb 20, 2024


CVE-2024-1297 is a critical vulnerability that affects Loomio version 2.22.0, allowing for the execution of arbitrary commands on the server. This vulnerability stems from the application's susceptibility to OS Command Injection. The potential danger of this vulnerability lies in the fact that it can be exploited remotely without requiring any privileges or user interaction. It has a high impact on both integrity and confidentiality, with a base severity score of 10.0 according to CVSS version 3.1. Organizations using Loomio version 2.22.0 should take immediate action to remediate this vulnerability to protect their systems and data.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-1297 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options