CVE-2024-1651

CVSS 3.1 Score 10.0 of 10 (CRITICAL)

Attack Complexity

LOW

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Scope

CHANGED

Privileges Required

NONE

Summary

CVE-2024-1651 is a newly identified vulnerability affecting Torrentpier version 2.4.1. Malicious actors can exploit this issue to execute arbitrary commands on the server. The cause of this vulnerability is insecure deserialization, a common programming error that allows attackers to insert malicious data into a system and execute it with the privileges of the application. This can lead to serious consequences, including data theft, unauthorized access, and server compromise. Users are strongly urged to update to the latest version of Torrentpier to mitigate this risk.

Details

Published: formatDate( 2024-02-20T00:15:14.847Z )
Updated: formatDate( 2024-02-20T19:50:53.960Z )
CWE ID: CWE-502

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ulMVnI
https://www.cve.org/CVERecord?id=CVE-2024-1651
https://nvd.nist.gov/vuln/detail/CVE-2024-1651