cvelistv5 - cve-2024-31573

CVE-2024-31573 (GCVE-0-2024-31573)

Vulnerability from cvelistv5 – Published: 2025-10-17 00:00 – Updated: 2025-10-17 19:04

Summary

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.

Severity ?

4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-669 - Incorrect Resource Transfer Between Spheres

Assigner

mitre

References

URL

Tags

	https://github.com/advisories/GHSA-chfm-68vv-pvw5
	https://github.com/xmlunit/xmlunit/issues/264
	https://github.com/xmlunit/xmlunit/commit/b81d48b…

Impacted products

	Vendor	Product	Version
	XMLUnit	XMLUnit for Java	Affected: 2.0.0 , < 2.10.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31573",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-17T19:03:35.746491Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-17T19:04:05.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/xmlunit/xmlunit/issues/264"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "XMLUnit for Java",
          "vendor": "XMLUnit",
          "versions": [
            {
              "lessThan": "2.10.0",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-669",
              "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-17T18:38:55.242Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/advisories/GHSA-chfm-68vv-pvw5"
        },
        {
          "url": "https://github.com/xmlunit/xmlunit/issues/264"
        },
        {
          "url": "https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-31573",
    "datePublished": "2025-10-17T00:00:00.000Z",
    "dateReserved": "2024-04-05T00:00:00.000Z",
    "dateUpdated": "2025-10-17T19:04:05.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-31573\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-10-17T19:15:36.627\",\"lastModified\":\"2025-10-21T19:31:50.020\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.4,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-669\"}]}],\"references\":[{\"url\":\"https://github.com/advisories/GHSA-chfm-68vv-pvw5\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/xmlunit/xmlunit/issues/264\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/xmlunit/xmlunit/issues/264\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-31573\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-17T19:03:35.746491Z\"}}}], \"references\": [{\"url\": \"https://github.com/xmlunit/xmlunit/issues/264\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-17T19:03:52.228Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\"}}], \"affected\": [{\"vendor\": \"XMLUnit\", \"product\": \"XMLUnit for Java\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\", \"lessThan\": \"2.10.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://github.com/advisories/GHSA-chfm-68vv-pvw5\"}, {\"url\": \"https://github.com/xmlunit/xmlunit/issues/264\"}, {\"url\": \"https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-669\", \"description\": \"CWE-669 Incorrect Resource Transfer Between Spheres\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-10-17T18:38:55.242Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-31573\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-17T19:04:05.637Z\", \"dateReserved\": \"2024-04-05T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-10-17T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-CHFM-68VV-PVW5

Vulnerability from github – Published: 2024-05-01 16:40 – Updated: 2024-05-01 16:40

Summary

XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets

Details

Impact

When performing XSLT transformations XMLUnit for Java did not disable XSLT extension functions by default. Depending on the XSLT processor being used this could allow arbitrary code to be executed when XMLUnit is used to transform data with a stylesheet who's source can not be trusted. If the stylesheet can be provided externally this may even lead to a remote code execution.

Patches

Users are advised to upgrade to XMLUnit for Java 2.10.0 where the default has been changed by means of https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b

Workarounds

XMLUnit's main use-case is performing tests on code that generates or processes XML. Most users will not use it to perform arbitrary XSLT transformations.

Users running XSLT transformations with untrusted stylesheets should explicitly use XMLUnit's APIs to pass in a pre-configured TraX TransformerFactory with extension functions disabled via features and attributes. The required setFactory or setTransformerFactory methods have been available since XMLUnit for Java 2.0.0.

References

Bug Report JAXP Security Guide

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xmlunit:xmlunit-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-31573"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-01T16:40:01Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Impact\nWhen performing XSLT transformations XMLUnit for Java did not disable XSLT extension functions by default. Depending on the XSLT processor being used this could allow arbitrary code to be executed when XMLUnit is used to transform data with a stylesheet who\u0027s source can not be trusted. If the stylesheet can be provided externally this may even lead to a remote code execution.\n\n## Patches\nUsers are advised to upgrade to XMLUnit for Java 2.10.0 where the default has been changed by means of https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b\n\n### Workarounds\nXMLUnit\u0027s main use-case is performing tests on code that generates or processes XML. Most users will not use it to perform arbitrary XSLT transformations.\n\nUsers running XSLT transformations with untrusted stylesheets should explicitly use XMLUnit\u0027s APIs to pass in a pre-configured TraX `TransformerFactory` with extension functions disabled via features and attributes. The required `setFactory` or `setTransformerFactory` methods have been available since XMLUnit for Java 2.0.0.\n\n### References\n[Bug Report](https://github.com/xmlunit/xmlunit/issues/264)\n[JAXP Security Guide](https://docs.oracle.com/en/java/javase/22/security/java-api-xml-processing-jaxp-security-guide.html#GUID-E345AA09-801E-4B95-B83D-7F0C452538AA)\n",
  "id": "GHSA-chfm-68vv-pvw5",
  "modified": "2024-05-01T16:40:01Z",
  "published": "2024-05-01T16:40:01Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xmlunit/xmlunit/security/advisories/GHSA-chfm-68vv-pvw5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xmlunit/xmlunit/issues/264"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b"
    },
    {
      "type": "WEB",
      "url": "https://docs.oracle.com/en/java/javase/22/security/java-api-xml-processing-jaxp-security-guide.html#GUID-E345AA09-801E-4B95-B83D-7F0C452538AA"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xmlunit/xmlunit"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets"
}

MSRC_CVE-2024-31573

Vulnerability from csaf_microsoft - Published: 2025-10-02 00:00 - Updated: 2025-10-19 01:01

Summary

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2024-31573 XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2024-31573.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.",
    "tracking": {
      "current_release_date": "2025-10-19T01:01:21.000Z",
      "generator": {
        "date": "2025-10-22T22:49:11.235Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2024-31573",
      "initial_release_date": "2025-10-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-10-19T01:01:21.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "category": "product_name",
            "name": "cbl2 javapackages-bootstrap 1.5.0-7",
            "product": {
              "name": "cbl2 javapackages-bootstrap 1.5.0-7",
              "product_id": "1"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 javapackages-bootstrap 1.14.0-3",
            "product": {
              "name": "azl3 javapackages-bootstrap 1.14.0-3",
              "product_id": "2"
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 javapackages-bootstrap 1.5.0-7 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 javapackages-bootstrap 1.14.0-3 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-31573",
      "cwe": {
        "id": "CWE-669",
        "name": "Incorrect Resource Transfer Between Spheres"
      },
      "flags": [
        {
          "label": "component_not_present",
          "product_ids": [
            "17086-1",
            "17084-2"
          ]
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "17086-1",
          "17084-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-31573 XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2024-31573.json"
        }
      ],
      "title": "XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled."
    }
  ]
}

FKIE_CVE-2024-31573

Vulnerability from fkie_nvd - Published: 2025-10-17 19:15 - Updated: 2025-10-21 19:31

Severity ?

4.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.

References

	URL	Tags
	cve@mitre.org	https://github.com/advisories/GHSA-chfm-68vv-pvw5
	cve@mitre.org	https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b
	cve@mitre.org	https://github.com/xmlunit/xmlunit/issues/264
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/xmlunit/xmlunit/issues/264

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled."
    }
  ],
  "id": "CVE-2024-31573",
  "lastModified": "2025-10-21T19:31:50.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 2.5,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-17T19:15:36.627",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/advisories/GHSA-chfm-68vv-pvw5"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/xmlunit/xmlunit/issues/264"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/xmlunit/xmlunit/issues/264"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-669"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Secondary"
    }
  ]
}

GSD-2024-31573

Vulnerability from gsd - Updated: 2024-04-11 05:03

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-31573

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-31573"
      ],
      "id": "GSD-2024-31573",
      "modified": "2024-04-11T05:03:20.658120Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-31573",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-31573 (GCVE-0-2024-31573)

GHSA-CHFM-68VV-PVW5

Impact

Patches

Workarounds

References

MSRC_CVE-2024-31573

FKIE_CVE-2024-31573

GSD-2024-31573

Tags

Sightings

Nomenclature