{"vulnerability": "cve-2024-5399", "sightings": [{"uuid": "67d275e0-c958-4fee-a0d8-316a036efcda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53999", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113589662202793796", "content": "", "creation_timestamp": "2024-12-03T15:44:55.864752Z"}, {"uuid": "0161bc1e-6302-4d78-ad6d-28965b0fa043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53991", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldoosmnces2r", "content": "", "creation_timestamp": "2024-12-19T20:15:34.349562Z"}, {"uuid": "f0710e31-fc7c-402e-9b10-2fb446cb4d08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53991", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113681106551870483", "content": "", "creation_timestamp": "2024-12-19T19:20:25.759505Z"}, {"uuid": "359041bb-cdd7-48e8-9729-7271de2a3a7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53991", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113681119447478911", "content": "", "creation_timestamp": "2024-12-19T19:23:42.612679Z"}, {"uuid": "f79ebede-f940-4ac3-b789-21349e662657", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53995", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794702049318099", "content": "", "creation_timestamp": "2025-01-08T20:49:17.462620Z"}, {"uuid": "366b22e1-fa4d-4c37-8d3b-5b6be7dd8b62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53995", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfb3incelu27", "content": "", "creation_timestamp": "2025-01-08T21:15:42.794789Z"}, {"uuid": "2da88b30-97ab-41d8-acf5-5632db409d01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53995", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfb5cz3ykd2k", "content": "", "creation_timestamp": "2025-01-08T21:48:21.323914Z"}, {"uuid": "c704ab66-5d89-446b-a1f3-6e6050910ffd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53996", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpuby47hb2f", "content": "", "creation_timestamp": "2025-01-14T18:16:39.082176Z"}, {"uuid": "2c3b31b0-c189-473c-8fb4-4cf7f30c302a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53990", "type": "seen", "source": "https://gist.github.com/ton77v/932a3f8b5d57d2625b31328796a3cf30", "content": "", "creation_timestamp": "2025-02-01T06:22:08.000000Z"}, {"uuid": "ad9ea1da-024e-43f6-a22c-175ed169f1ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53994", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113947708468156282", "content": "", "creation_timestamp": "2025-02-04T21:20:48.335013Z"}, {"uuid": "45807167-8301-4ff8-83d9-a777b082964b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53994", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhf3hua6gm2j", "content": "", "creation_timestamp": "2025-02-04T22:16:18.851222Z"}, {"uuid": "f99e1c64-0cd4-4884-a656-51c1f4513656", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53994", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhfjcgbgor2f", "content": "", "creation_timestamp": "2025-02-05T02:23:48.898340Z"}, {"uuid": "486771e8-aa5b-433c-a678-b6e0b0579cbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53991", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-53991.yaml", "content": "", "creation_timestamp": "2025-03-20T11:10:00.000000Z"}, {"uuid": "84d1c7f7-50b2-4b1e-a474-dd187c9df575", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53991", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/114197151380174688", "content": "", "creation_timestamp": "2025-03-20T22:37:26.199108Z"}, {"uuid": "eb62d50e-d536-4056-99f7-24f480ebd975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53991", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3lkuts7ja4h2r", "content": "", "creation_timestamp": "2025-03-21T08:57:06.927278Z"}, {"uuid": "c9e9a7e7-32bb-4868-8691-a721409c5373", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53995", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/837", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-53995\n\ud83d\udd39 Description: SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter.\n\ud83d\udccf Published: 2025-01-08T20:44:53.785Z\n\ud83d\udccf Modified: 2025-01-08T20:44:53.785Z\n\ud83d\udd17 References:\n1. https://securitylab.github.com/advisories/GHSL-2024-283_GHSL-2024-291_sickchill_sickchill/\n2. https://github.com/SickChill/sickchill/pull/8811\n3. https://github.com/SickChill/sickchill/commit/c7128a8946c3701df95c285810eb75b2de18bf82\n4. https://github.com/SickChill/sickchill/blob/846adafdfab579281353ea08a27bbb813f9a9872/sickchill/views/authentication.py#L33", "creation_timestamp": "2025-01-08T21:13:41.000000Z"}, {"uuid": "943cd9e0-a197-4c15-b559-7502390691bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53995", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-53995.yaml", "content": "", "creation_timestamp": "2025-11-20T15:27:28.000000Z"}, {"uuid": "bce04eed-ee80-466c-bf72-b3ce3cc6d2d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53995", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m6fpxidtz72w", "content": "", "creation_timestamp": "2025-11-24T21:02:25.785466Z"}, {"uuid": "4113eb83-eed0-48f0-b798-cbb8dcbc2abe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53992", "type": "seen", "source": "https://t.me/cvedetector/11801", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53992 - unzip-bot is a Telegram bot to extract various typ\", \n  \"Content\": \"CVE ID : CVE-2024-53992 \nPublished : Dec. 2, 2024, 5:15 p.m. | 51\u00a0minutes ago \nDescription : unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This vulnerability is fixed in 7.0.3a. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-02T19:35:44.000000Z"}, {"uuid": "16a2739b-5661-40fa-b455-8bbb59a62c11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53991", "type": "seen", "source": "https://t.me/cvedetector/13369", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53991 - Discourse Local File Backup Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-53991 \nPublished : Dec. 19, 2024, 8:15 p.m. | 41\u00a0minutes ago \nDescription : Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore` which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick nginx into sending the Discourse backup file with a well crafted request. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade can either 1. Download all local backups on to another storage device, disable the `enable_backups` site setting and delete all backups until the site has been upgraded to pull in the fix. Or  2. Change the `backup_location` site setting to `s3` so that backups are stored and downloaded directly from S3. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T22:20:50.000000Z"}, {"uuid": "05fb0913-3211-40ff-aa72-6d86f9e54ffb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53999", "type": "seen", "source": "https://t.me/cvedetector/11888", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53999 - \"Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-53999 \nPublished : Dec. 3, 2024, 4:15 p.m. | 37\u00a0minutes ago \nDescription : Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the \"Diff or Compare\" functionality, they are affected by a Stored Cross-Site Scripting vulnerability. This vulnerability is fixed in 4.2.9. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-03T18:10:18.000000Z"}, {"uuid": "1553e5aa-a4e5-4bca-adda-ba1ccca409d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53990", "type": "seen", "source": "https://t.me/cvedetector/11811", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53990 - Apache AsyncHttpClient Cookie Store Cookie Overwrite Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53990 \nPublished : Dec. 2, 2024, 6:15 p.m. | 58\u00a0minutes ago \nDescription : The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie being used for another user's requests. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-02T20:26:02.000000Z"}, {"uuid": "02de514c-9591-4420-b2f2-e54504dd4dc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53994", "type": "seen", "source": "https://t.me/cvedetector/17243", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53994 - \"Discourse Unpatched Chat Preference Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-53994 \nPublished : Feb. 4, 2025, 10:15 p.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-05T00:45:44.000000Z"}, {"uuid": "b2771d86-8d31-498a-9ba6-671aa24d3112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-53995", "type": "seen", "source": "https://t.me/cvedetector/14740", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-53995 - SickChill Open Redirect Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-53995 \nPublished : Jan. 8, 2025, 9:15 p.m. | 36\u00a0minutes ago \nDescription : SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T23:21:23.000000Z"}, {"uuid": "0a0b3364-251f-4828-a683-ba6f0b0a50ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-53990", "type": "published-proof-of-concept", "source": "https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv", "content": "", "creation_timestamp": "2024-12-02T15:43:51.000000Z"}, {"uuid": "1edc5159-d580-4e0f-8522-76b78aa2d827", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-53999", "type": "published-proof-of-concept", "source": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-5jc6-h9w7-jm3p", "content": "", "creation_timestamp": "2024-12-03T06:29:29.000000Z"}]}