CVE-2024-56363
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-56363 is a vulnerability affecting APTRS (Automated Penetration Testing Reporting System), a Python and Django-based tool used by penetration testers and security organizations. The issue lies in the application's mishandling of user-supplied input in Jinja2 templates. When input is insufficiently sanitized or validated, an attacker can inject Jinja2 syntax, leading to the execution of arbitrary code on the server. This vulnerability can be exploited by submitting crafted input to fields handled by ckeditor and rendered without proper sanitization. Possible payloads include expressions like {{ config }} or {{ self.class.mro[1].subclasses() }}, and potentially more dangerous code snippets.
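The pattern described in the summary, as an added example that is not APTRS code: the same rich-text field value is rendered once as part of the template source and once as plain data passed to a fixed template, with a small audit helper for stored content. It assumes the `jinja2` package is installed; the function names, the `config` value and the field content are constructed for illustration.

```python
import re
from jinja2 import Environment

# Constructed sample data: a value exposed to the report template, and
# rich-text field content carrying the {{ config }} expression from the summary.
CONTEXT = {"config": {"SECRET_KEY": "constructed-secret"}}
FIELD_HTML = "<p>Finding notes {{ config }}</p>"

# Matches Jinja2 expression and statement delimiters in stored field content.
TEMPLATE_SYNTAX = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.S)


def render_vulnerable(field_html: str) -> str:
    """Anti-pattern: the user's HTML is concatenated into the template source."""
    source = "<h1>Report</h1>" + field_html
    return Environment(autoescape=True).from_string(source).render(**CONTEXT)


def render_as_data(field_html: str) -> str:
    """Fixed template source; the user's HTML is only a variable value."""
    template = Environment(autoescape=True).from_string("<h1>Report</h1>{{ body }}")
    # Autoescaping encodes the HTML; an app that keeps rich text would pass
    # it through an HTML sanitizer instead, still as a value, never as source.
    return template.render(body=field_html, **CONTEXT)


def find_template_syntax(field_html: str) -> list[str]:
    """Audit helper: list Jinja2 constructs found in a stored field value."""
    return TEMPLATE_SYNTAX.findall(field_html)


if __name__ == "__main__":
    print(render_vulnerable(FIELD_HTML))   # expression is evaluated
    print(render_as_data(FIELD_HTML))      # expression stays literal text
    print(find_template_syntax(FIELD_HTML))
```

Autoescaping is enabled in both renderers, which shows that HTML escaping alone does not stop template evaluation once user input is part of the template source.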