CVE-2024-37301
CVSS 3.1 Score 9.9 of 10 (high)
Details
Published Jun 11, 2024
Updated: Jun 13, 2024
CWE ID 1336
Summary
CVE-2024-37301 is a vulnerability affecting Document Merge Service, a document template merge service that offers an API for managing templates and merging them with data. The flaw is a server-side template injection that can be exploited for remote code execution in versions 6.5.1 and below. Successful exploitation allows full takeover of the affected system when the service runs as root. At present, no patched versions or workarounds have been made available.