CVE-2024-56204

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 31, 2024

CWE ID 352

Summary

CVE-2024-56204 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Yonatan Reinberg's Sinking Dropdowns, from versions n/a through 1.25. This issue enables privilege escalation, allowing unauthorized users to submit malicious requests on behalf of other users, potentially leading to serious security consequences. Attackers can exploit this vulnerability to execute unwanted actions or gain unauthorized access to sensitive information. Users are advised to update their Sinking Dropdowns to the latest patch to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1uYSJs
https://www.cve.org/CVERecord?id=CVE-2024-56204
https://nvd.nist.gov/vuln/detail/CVE-2024-56204

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Know What Matters

For Customers

For Partners

CVE-2024-56204

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations