cvelistv5 - cve-2024-28335

Source	URL	Tags
cve@mitre.org	https://brave.com/privacy-updates/27-localhost-permission/
cve@mitre.org	https://cxsecurity.com/issue/WLB-2024030043
cve@mitre.org	https://getlektor.com/docs/quickstart
cve@mitre.org	https://github.com/lektor/lektor/pull/1179/commits/8f38b9713d152622b69ff5e3b1e6a0d7bb7fa800
cve@mitre.org	https://github.com/lektor/lektor/releases/tag/v3.3.11
cve@mitre.org	https://packetstormsecurity.com/files/177708/Lektor-Static-CMS-3.3.10-Arbitrary-File-Upload-Remote-Code-Execution.html

Vendor	Product
n/a	n/a

ghsa-wv28-7fpw-fj49

Vulnerability from github

Published

2024-03-27 06:30

Modified

2024-08-06 18:51

Severity

9.1 (Critical) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.3 (Critical) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Summary

Lektor does not sanitize database path traversal

Details

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the "lektor server" command.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Lektor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.3.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Lektor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.4.0b1"
            },
            {
              "fixed": "3.4.0b11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-28335"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-27T21:59:55Z",
    "nvd_published_at": "2024-03-27T06:15:19Z",
    "severity": "CRITICAL"
  },
  "details": "Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim\u0027s web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the \"lektor server\" command.",
  "id": "GHSA-wv28-7fpw-fj49",
  "modified": "2024-08-06T18:51:02Z",
  "published": "2024-03-27T06:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28335"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lektor/lektor/pull/1179/commits/8f38b9713d152622b69ff5e3b1e6a0d7bb7fa800"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lektor/lektor/commit/7393d87bd354e43120937789956175064e4610a0"
    },
    {
      "type": "WEB",
      "url": "https://brave.com/privacy-updates/27-localhost-permission"
    },
    {
      "type": "WEB",
      "url": "https://cxsecurity.com/issue/WLB-2024030043"
    },
    {
      "type": "WEB",
      "url": "https://getlektor.com/docs/quickstart"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lektor/lektor/releases/tag/v3.3.11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/lektor/PYSEC-2024-49.yaml"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/177708/Lektor-Static-CMS-3.3.10-Arbitrary-File-Upload-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Lektor does not sanitize database path traversal"
}

gsd-2024-28335

Vulnerability from gsd

Modified

2024-03-08 06:02

Details

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the "lektor server" command.

Aliases

CVE-2024-28335

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-28335"
      ],
      "details": "Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim\u0027s web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the \"lektor server\" command.",
      "id": "GSD-2024-28335",
      "modified": "2024-03-08T06:02:46.436186Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-28335",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim\u0027s web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the \"lektor server\" command."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/lektor/lektor/pull/1179/commits/8f38b9713d152622b69ff5e3b1e6a0d7bb7fa800",
            "refsource": "MISC",
            "url": "https://github.com/lektor/lektor/pull/1179/commits/8f38b9713d152622b69ff5e3b1e6a0d7bb7fa800"
          },
          {
            "name": "https://github.com/lektor/lektor/releases/tag/v3.3.11",
            "refsource": "MISC",
            "url": "https://github.com/lektor/lektor/releases/tag/v3.3.11"
          },
          {
            "name": "https://cxsecurity.com/issue/WLB-2024030043",
            "refsource": "MISC",
            "url": "https://cxsecurity.com/issue/WLB-2024030043"
          },
          {
            "name": "https://packetstormsecurity.com/files/177708/Lektor-Static-CMS-3.3.10-Arbitrary-File-Upload-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "https://packetstormsecurity.com/files/177708/Lektor-Static-CMS-3.3.10-Arbitrary-File-Upload-Remote-Code-Execution.html"
          },
          {
            "name": "https://getlektor.com/docs/quickstart",
            "refsource": "MISC",
            "url": "https://getlektor.com/docs/quickstart"
          },
          {
            "name": "https://brave.com/privacy-updates/27-localhost-permission/",
            "refsource": "MISC",
            "url": "https://brave.com/privacy-updates/27-localhost-permission/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim\u0027s web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the \"lektor server\" command."
          },
          {
            "lang": "es",
            "value": "Lektor anterior a 3.3.11 no sanitiza el path traversal de la base de datos. Por lo tanto, los comandos de shell pueden ejecutarse a trav\u00e9s de un archivo que se agrega al directorio de plantillas, si el navegador web de la v\u00edctima accede a un sitio web que no es de confianza y que usa JavaScript para enviar solicitudes al puerto localhost 5000, y el navegador web se ejecuta en la misma m\u00e1quina que el Comando \"servidor lector\"."
          }
        ],
        "id": "CVE-2024-28335",
        "lastModified": "2024-03-27T12:29:30.307",
        "metrics": {},
        "published": "2024-03-27T06:15:19.447",
        "references": [
          {
            "source": "cve@mitre.org",
            "url": "https://brave.com/privacy-updates/27-localhost-permission/"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://cxsecurity.com/issue/WLB-2024030043"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://getlektor.com/docs/quickstart"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://github.com/lektor/lektor/pull/1179/commits/8f38b9713d152622b69ff5e3b1e6a0d7bb7fa800"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://github.com/lektor/lektor/releases/tag/v3.3.11"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://packetstormsecurity.com/files/177708/Lektor-Static-CMS-3.3.10-Arbitrary-File-Upload-Remote-Code-Execution.html"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

pysec-2024-49

Vulnerability from pysec

Published

2024-03-27 06:15

Modified

2024-03-27 11:18

Details

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the "lektor server" command.

Aliases

CVE-2024-28335

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "lektor",
        "purl": "pkg:pypi/lektor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.3.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.96",
        "1.0",
        "1.1",
        "1.2",
        "1.2.1",
        "2.0",
        "2.1",
        "2.2",
        "2.3",
        "3.0",
        "3.0.1",
        "3.1",
        "3.1.0.dev1",
        "3.1.1",
        "3.1.2",
        "3.1.3",
        "3.2.0",
        "3.2.1",
        "3.2.2",
        "3.2.3",
        "3.2.dev0",
        "3.3.0",
        "3.3.1",
        "3.3.10",
        "3.3.2",
        "3.3.3",
        "3.3.4",
        "3.3.5",
        "3.3.6",
        "3.3.7",
        "3.3.8",
        "3.3.9"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-28335"
  ],
  "details": "Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim\u0027s web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the \"lektor server\" command.",
  "id": "PYSEC-2024-49",
  "modified": "2024-03-27T11:18:36.506150+00:00",
  "published": "2024-03-27T06:15:00+00:00",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/lektor/lektor/pull/1179/commits/8f38b9713d152622b69ff5e3b1e6a0d7bb7fa800"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lektor/lektor/releases/tag/v3.3.11"
    },
    {
      "type": "WEB",
      "url": "https://cxsecurity.com/issue/WLB-2024030043"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/177708/Lektor-Static-CMS-3.3.10-Arbitrary-File-Upload-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "https://getlektor.com/docs/quickstart"
    },
    {
      "type": "WEB",
      "url": "https://brave.com/privacy-updates/27-localhost-permission/"
    }
  ]
}

Action not permitted

cve-2024-28335

Vulnerability from cvelistv5

ghsa-wv28-7fpw-fj49

Vulnerability from github

gsd-2024-28335

Vulnerability from gsd

pysec-2024-49

Vulnerability from pysec

Tags