CVE-2024-6676
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Summary
CVE-2024-6676 is a newly disclosed critical vulnerability affecting witmy my-springsecurity-plus up to version 2024-07-03. The issue lies within an unknown functionality of the /api/user endpoint and is a SQL injection vulnerability triggered by manipulating the params.dataScope argument. The attack can be carried out remotely, and the attack code has been made public. The product does not use versioning, which makes it difficult to determine which releases are affected by this vulnerability and which are protected against it. The associated identifier for this problem is VDB-271111.
Affected Products
- my-springsecurity-plus