{"vulnerability": "cve-2024-2364", "sightings": [{"uuid": "06ea8a47-5cfd-4ea6-a34c-176015960079", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23641", "type": "seen", "source": "https://t.me/arpsyndicate/3056", "content": "#ExploitObserverAlert\n\nCVE-2024-23641\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23641. SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.", "creation_timestamp": "2024-01-26T20:16:59.000000Z"}, {"uuid": "f1804571-d126-4318-bde7-70bc68698537", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2364", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12081", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-2364\n\ud83d\udd25 CVSS Score: 1.8 (cvssV3_1, Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256320.\n\ud83d\udccf Published: 2024-03-10T23:00:08.397Z\n\ud83d\udccf Modified: 2025-04-16T15:48:58.608Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.256320\n2. https://vuldb.com/?ctiid.256320\n3. https://github.com/ctflearner/Android_Findings/blob/main/Musicshelf/Musicshelf_Manifest_issue.md", "creation_timestamp": "2025-04-16T15:56:08.000000Z"}, {"uuid": "46306866-4970-4c0a-b7ad-d8bb9e33bca5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23649", "type": "seen", "source": "https://t.me/arpsyndicate/3108", "content": "#ExploitObserverAlert\n\nCVE-2024-23649\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23649. Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they're able to see the resulting reports.  Creating a private message report by POSTing to `/api/v3/private_message/report` does not validate whether the reporter is the recipient of the message. lemmy-ui does not allow the sender to report the message; the API method should likely be restricted to accessible to recipients only. The API response when creating a report contains the `private_message_report_view` with all the details of the report, including the private message that has been reported:  Any authenticated user can obtain arbitrary (untargeted) private message contents. Privileges required depend on the instance configuration; when registrations are enabled without application system, the privileges required are practically none. When registration applications are required, privileges required could be considered low, but this assessment heavily varies by instance.  Version 0.19.1 contains a patch for this issue. A workaround is available. If an update to a fixed Lemmy version is not immediately possible, the API route can be blocked in the reverse proxy. This will prevent anyone from reporting private messages, but it will also prevent exploitation before the update has been applied.", "creation_timestamp": "2024-01-26T23:11:29.000000Z"}, {"uuid": "3fbae432-22a7-415a-94c9-f5aba23a9bbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23646", "type": "seen", "source": "https://t.me/arpsyndicate/3048", "content": "#ExploitObserverAlert\n\nCVE-2024-23646\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23646. Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.", "creation_timestamp": "2024-01-26T19:43:20.000000Z"}, {"uuid": "f4931c63-5b60-460b-bbab-411243396eea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2364", "type": "seen", "source": "https://t.me/ctinow/204382", "content": "https://ift.tt/R8QpTGj\nCVE-2024-2364", "creation_timestamp": "2024-03-11T00:26:19.000000Z"}, {"uuid": "a7be21e8-a740-4593-b72b-15e277aa6078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23648", "type": "seen", "source": "https://t.me/arpsyndicate/2977", "content": "#ExploitObserverAlert\n\nCVE-2024-23648\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23648. Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able to retrieve it would be able to resets the user's password. Prior to version 1.2.3, the reset-password URL is crafted using the \"Host\" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a \"Host\" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue.", "creation_timestamp": "2024-01-26T15:09:42.000000Z"}, {"uuid": "462eaa68-e16c-4f4f-95e6-ae6baf29b50f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23644", "type": "seen", "source": "https://t.me/arpsyndicate/2974", "content": "#ExploitObserverAlert\n\nCVE-2024-23644\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-23644. Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert \"\\r\\n\" sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values.  Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\\r\\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.)  In `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other headers values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed.", "creation_timestamp": "2024-01-26T14:51:39.000000Z"}, {"uuid": "09ba1c70-b990-4bee-a80d-f52a54bd8b5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2364", "type": "seen", "source": "https://t.me/ctinow/204378", "content": "https://ift.tt/R8QpTGj\nCVE-2024-2364", "creation_timestamp": "2024-03-11T00:26:16.000000Z"}, {"uuid": "b10e87fa-3ffe-465c-aa78-04b875ddb984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23647", "type": "seen", "source": "https://t.me/ctinow/190333", "content": "https://ift.tt/Cv397V2\nCVE-2024-23647 | authentik PKCE downgrade", "creation_timestamp": "2024-02-22T02:21:41.000000Z"}, {"uuid": "0abd73cc-cee3-4264-8cfb-9bd0c1acf6d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23645", "type": "seen", "source": "https://t.me/ctinow/192520", "content": "https://ift.tt/nMDhqHU\nCVE-2024-23645 | GLPI up to 10.0.11 Report Page cross site scripting", "creation_timestamp": "2024-02-24T10:11:17.000000Z"}, {"uuid": "6e3714c0-5573-402d-866a-e78f004d149f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23641", "type": "seen", "source": "https://t.me/ctinow/179431", "content": "https://ift.tt/NYVkPZ9\nCVE-2024-23641 Exploit", "creation_timestamp": "2024-02-05T19:16:55.000000Z"}, {"uuid": "dffb123e-da02-42bb-a615-c95770b0e512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23646", "type": "seen", "source": "https://t.me/ctinow/187209", "content": "https://ift.tt/RQM0Gzp\nCVE-2024-23646 | Pimcore admin-ui-classic-bundle up to 1.3.1 ZIP File selectedIds sql injection", "creation_timestamp": "2024-02-18T10:48:49.000000Z"}, {"uuid": "7334fe6e-0ae1-45ad-9e7f-40925d710365", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23649", "type": "seen", "source": "https://t.me/ctinow/187208", "content": "https://ift.tt/O8e5BYC\nCVE-2024-23649 | Lemmy up to 0.19.0 API report improper authorization (GHSA-r64r-5h43-26qv)", "creation_timestamp": "2024-02-18T10:48:47.000000Z"}, {"uuid": "9a4bcd19-e811-4bab-acaf-a2d14bc7ba2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23644", "type": "seen", "source": "https://t.me/ctinow/187207", "content": "https://ift.tt/4O2CbIv\nCVE-2024-23644 | Trillium trillium-client/trillium-http HeaderValue response splitting", "creation_timestamp": "2024-02-18T10:48:46.000000Z"}, {"uuid": "76c8368c-f71f-4bbe-a374-4754616d3aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23646", "type": "seen", "source": "https://t.me/ctinow/177263", "content": "https://ift.tt/8NaiPlR\nCVE-2024-23646 Exploit", "creation_timestamp": "2024-02-01T02:17:02.000000Z"}, {"uuid": "2e4879ac-ab16-47ab-adf3-9c260487fa1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23645", "type": "seen", "source": "https://t.me/ctinow/177753", "content": "https://ift.tt/Sb0eTus\nCVE-2024-23645", "creation_timestamp": "2024-02-01T19:21:41.000000Z"}, {"uuid": "7043df66-03e2-4076-ae85-cb3b9b3231d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23647", "type": "seen", "source": "https://t.me/ctinow/176159", "content": "https://ift.tt/alw1Gd5\nCVE-2024-23647", "creation_timestamp": "2024-01-30T18:32:11.000000Z"}, {"uuid": "96ca282c-6727-4f4f-bab1-7e7e30336454", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23649", "type": "seen", "source": "https://t.me/ctinow/173029", "content": "https://ift.tt/O7pDvGI\nCVE-2024-23649", "creation_timestamp": "2024-01-24T19:27:01.000000Z"}, {"uuid": "cb16f0ae-7acf-4b24-b4c2-a93fc9140309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23648", "type": "seen", "source": "https://t.me/ctinow/173028", "content": "https://ift.tt/9tR6Xen\nCVE-2024-23648", "creation_timestamp": "2024-01-24T19:26:57.000000Z"}, {"uuid": "cfd2e7fa-3d11-4e0d-b24f-9f478f7fb11a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23641", "type": "seen", "source": "https://t.me/ctinow/172985", "content": "https://ift.tt/WpxqdPK\nCVE-2024-23641", "creation_timestamp": "2024-01-24T18:26:32.000000Z"}, {"uuid": "38cd5cbe-8fd1-498a-9ebc-5b5752f6907e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23646", "type": "seen", "source": "https://t.me/ctinow/173097", "content": "https://ift.tt/hWuFjmK\nCVE-2024-23646", "creation_timestamp": "2024-01-24T21:26:38.000000Z"}, {"uuid": "d80b20e4-04d3-4d74-9447-329df1d774e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23644", "type": "seen", "source": "https://t.me/ctinow/173096", "content": "https://ift.tt/EUZ3u5q\nCVE-2024-23644", "creation_timestamp": "2024-01-24T21:26:37.000000Z"}]}