CVE-2024-56358

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 20, 2024

CWE ID 79

Summary

CVE-2024-56358 is a vulnerability affecting the grist-core spreadsheet hosting server. Malicious documents with embedded SVG files containing JavaScript code can compromise user accounts. The JavaScript code is executed in the context of the user's current page, potentially leading to account takeover. The issue has been resolved in version 1.3.2. It is strongly recommended that users upgrade to this version. Those unable to do so should exercise caution when previewing attachments from untrusted sources.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1x9TYs
https://www.cve.org/CVERecord?id=CVE-2024-56358
https://nvd.nist.gov/vuln/detail/CVE-2024-56358

Back to Vulnerability Database

CVE-2024-56358

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations