CVE-2024-12994
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Summary
CVE-2024-12994 is a newly disclosed critical vulnerability affecting running-elephant Datart 1.0.0-rc3. The issue lies in the "extractModel" function in the "File Upload" file of the File Upload component. Maliciously crafted file input can trigger a deserialization vulnerability, putting systems at risk. The attack can be launched remotely, increasing the potential attack surface. Because the vulnerability and the exploit have been publicly disclosed, attackers may already be targeting affected systems. Efforts to contact the vendor for a patch have not yet yielded any response.