CVE-2024-12994

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Dec 28, 2024
CWE ID 502
CWE ID 20

Summary

CVE-2024-12994 is a newly disclosed critical vulnerability affecting running-elephant Datart 1.0.0-rc3. The issue lies within the File Upload component, specifically the "extractModel" function. A maliciously crafted file input can trigger deserialization of untrusted data, putting systems at risk. The attack can be launched remotely, which increases the potential threat surface. The vulnerability and an exploit have been publicly disclosed, so attackers may already be targeting affected systems. Efforts to contact the vendor for a patch have not yet received a response.
