CVE-2024-50054

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 35

Summary

CVE-2024-50054 is a newly disclosed vulnerability that impacts the back-end of certain applications. The issue arises from the failure to adequately validate user-controlled filename parameters, creating an avenue for attackers to execute path traversal attacks. By exploiting this weakness, adversaries can potentially gain unauthorized access to arbitrary files residing in the targeted system's file system. This vulnerability poses a significant risk, as it can lead to information disclosure and potential unauthorized system modifications. Organizations utilizing the affected back-end are urged to apply patches or workarounds as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share