CVE-2024-24569

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 1, 2024
Updated: Feb 9, 2024
CWE ID 22

Summary

CVE-2024-24569 is a vulnerability in the Pixee Java Code Security Toolkit version <=1.1.1, specifically in the ZipSecurity#isBelowCurrentDirectory function, which is meant to prevent path traversal attacks. This vulnerability allows attackers to bypass partial-path traversal protection and navigate into sibling paths. While it still prevents escaping into higher level directories, it poses a risk as attackers can access files in sibling paths. The vulnerability has been patched in version 1.1.2 of the toolkit.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-24569 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options