CVE-2024-21542
CVSS 3.1 Score 8.6 of 10 (high)
Details
Summary
CVE-2024-21542 is a newly disclosed vulnerability affecting versions of the luigi package before 3.6.0. This issue allows an attacker to perform Arbitrary File Write via Archive Extraction (Zip Slip) due to a flaw in the _extract_packages_archive function. The function fails to validate destination file paths properly, enabling an adversary to write data to unintended locations within the targeted system. This vulnerability poses a significant risk, as attackers can exploit it to install malware, modify critical files, or gain unauthorized access. System administrators are advised to upgrade to the latest version of luigi to mitigate this risk.
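The destination-path validation the summary says is missing, shown as an added example (not luigi's code or its 3.6.0 fix). It assumes a tar archive; build_archive, unsafe_members and safe_extract are hypothetical names, and the sample archive is constructed in memory.

```python
import io
import os
import tarfile


def build_archive(names):
    """Constructed sample input: an in-memory tar, one small file per name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 6
            tar.addfile(info, io.BytesIO(b"sample"))
    return buf.getvalue()


def unsafe_members(tar, dest_dir):
    """Return names of members that would resolve outside dest_dir."""
    root = os.path.realpath(dest_dir)
    bad = []
    for member in tar.getmembers():
        target = os.path.realpath(os.path.join(root, member.name))
        escapes = os.path.commonpath([root, target]) != root
        # Links can redirect a later write, so this sketch rejects them outright.
        if escapes or member.issym() or member.islnk():
            bad.append(member.name)
    return bad


def safe_extract(archive_bytes, dest_dir):
    """Extract only when every member stays inside dest_dir; else raise."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        bad = unsafe_members(tar, dest_dir)
        if bad:
            raise ValueError(f"refusing archive, unsafe members: {bad}")
        # Defence in depth: use the stdlib "data" filter where it exists.
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest_dir, **extra)
    return sorted(os.listdir(dest_dir))
```

The whole archive is rejected before anything is written, so a single bad member cannot leave a partially extracted tree behind.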
Affected Products
- Luigi