A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
History

Wed, 11 Dec 2024 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Datax-web Project
Datax-web Project datax-web
CPEs cpe:2.3:a:datax-web_project:datax-web:2.1.1:*:*:*:*:*:*:*
Vendors & Products Datax-web Project
Datax-web Project datax-web

Mon, 09 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Weiye-jing
Weiye-jing datax-web
CPEs cpe:2.3:a:weiye-jing:datax-web:*:*:*:*:*:*:*:*
Vendors & Products Weiye-jing
Weiye-jing datax-web
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Dec 2024 04:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Title WeiYe-Jing datax-web add os command injection
Weaknesses CWE-77
CWE-78
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-12-09T04:31:11.396Z

Updated: 2024-12-09T19:57:29.558Z

Reserved: 2024-12-08T20:40:24.617Z

Link: CVE-2024-12358

cve-icon Vulnrichment

Updated: 2024-12-09T19:57:25.162Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-09T05:15:07.320

Modified: 2024-12-10T23:34:20.467

Link: CVE-2024-12358

cve-icon Redhat

No data.