CVE-2024-57716

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 20, 2025

Updated: Feb 21, 2025

CWE ID 200

Summary

CVE-2024-57716 is a newly disclosed vulnerability affecting the AutoQueryable library by trenoncourt, specifically version 1.7.0. This issue enables a remote attacker to exploit the Unselectable function and gain unauthorized access to sensitive information. By manipulating the query parameters, an adversary can bypass intended access controls and retrieve data beyond their authorized scope. This vulnerability poses a significant risk to systems that utilize the affected library and have not yet applied the necessary patch. Organizations are strongly advised to update their instances of AutoQueryable to a secure version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database