{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47180", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-19T22:32:11.962Z", "datePublished": "2024-09-26T19:21:04.584Z", "dateUpdated": "2024-09-26T19:47:50.375Z"}, "containers": {"cna": {"title": "Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/badges/shields/security/advisories/GHSA-rxvx-x284-4445", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/badges/shields/security/advisories/GHSA-rxvx-x284-4445"}, {"name": "https://github.com/badges/shields/issues/10553", "tags": ["x_refsource_MISC"], "url": "https://github.com/badges/shields/issues/10553"}, {"name": "https://github.com/badges/shields/pull/10551", "tags": ["x_refsource_MISC"], "url": "https://github.com/badges/shields/pull/10551"}, {"name": "https://github.com/badges/shields/commit/ec1b6c8daccda075403c1688ac02603f7aaa50b2", "tags": ["x_refsource_MISC"], "url": "https://github.com/badges/shields/commit/ec1b6c8daccda075403c1688ac02603f7aaa50b2"}], "affected": [{"vendor": "badges", "product": "shields", "versions": [{"version": "< server-2024-09-25", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-26T19:21:04.584Z"}, "descriptions": [{"lang": "en", "value": "Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version < `server-2024-09-25` are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. This vulnerability would allow any user with access to make a request to a URL on the instance to the ability to execute code by crafting a malicious JSONPath expression. All users who self-host an instance are vulnerable. This problem was fixed in server-2024-09-25. Those who follow the tagged releases should update to `server-2024-09-25` or later. Those who follow the rolling tag on DockerHub, `docker pull shieldsio/shields:next` to update to the latest version. As a workaround, blocking access to the endpoints `/badge/dynamic/json`, `/badge/dynamic/toml`, and `/badge/dynamic/yaml` (e.g: via a firewall or reverse proxy in front of your instance) would prevent the exploitable endpoints from being accessed."}], "source": {"advisory": "GHSA-rxvx-x284-4445", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "badges", "product": "shields", "cpes": ["cpe:2.3:a:badges:shields:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "server-2024-09-25", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T19:45:53.317118Z", "id": "CVE-2024-47180", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T19:47:50.375Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47180", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-26T19:45:53.317118Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:badges:shields:*:*:*:*:*:*:*:*"], "vendor": "badges", "product": "shields", "versions": [{"status": "affected", "version": "0", "lessThan": "server-2024-09-25", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T19:47:44.590Z"}}], "cna": {"title": "Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges", "source": {"advisory": "GHSA-rxvx-x284-4445", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "badges", "product": "shields", "versions": [{"status": "affected", "version": "< server-2024-09-25"}]}], "references": [{"url": "https://github.com/badges/shields/security/advisories/GHSA-rxvx-x284-4445", "name": "https://github.com/badges/shields/security/advisories/GHSA-rxvx-x284-4445", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/badges/shields/issues/10553", "name": "https://github.com/badges/shields/issues/10553", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/badges/shields/pull/10551", "name": "https://github.com/badges/shields/pull/10551", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/badges/shields/commit/ec1b6c8daccda075403c1688ac02603f7aaa50b2", "name": "https://github.com/badges/shields/commit/ec1b6c8daccda075403c1688ac02603f7aaa50b2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version < `server-2024-09-25` are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. This vulnerability would allow any user with access to make a request to a URL on the instance to the ability to execute code by crafting a malicious JSONPath expression. All users who self-host an instance are vulnerable. This problem was fixed in server-2024-09-25. Those who follow the tagged releases should update to `server-2024-09-25` or later. Those who follow the rolling tag on DockerHub, `docker pull shieldsio/shields:next` to update to the latest version. As a workaround, blocking access to the endpoints `/badge/dynamic/json`, `/badge/dynamic/toml`, and `/badge/dynamic/yaml` (e.g: via a firewall or reverse proxy in front of your instance) would prevent the exploitable endpoints from being accessed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-26T19:21:04.584Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47180", "state": "PUBLISHED", "dateUpdated": "2024-09-26T19:47:50.375Z", "dateReserved": "2024-09-19T22:32:11.962Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-26T19:21:04.584Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version < `server-2024-09-25` are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. This vulnerability would allow any user with access to make a request to a URL on the instance to the ability to execute code by crafting a malicious JSONPath expression. All users who self-host an instance are vulnerable. This problem was fixed in server-2024-09-25. Those who follow the tagged releases should update to `server-2024-09-25` or later. Those who follow the rolling tag on DockerHub, `docker pull shieldsio/shields:next` to update to the latest version. As a workaround, blocking access to the endpoints `/badge/dynamic/json`, `/badge/dynamic/toml`, and `/badge/dynamic/yaml` (e.g: via a firewall or reverse proxy in front of your instance) would prevent the exploitable endpoints from being accessed."}, {"lang": "es", "value": "Shields.io es un servicio para insignias concisas, consistentes y legibles en formato SVG y raster. Shields.io y los usuarios que alojan por s\u00ed mismos su propia instancia de escudos usando la versi\u00f3n &lt; `server-2024-09-25` son vulnerables a una vulnerabilidad de ejecuci\u00f3n remota a trav\u00e9s de la librer\u00eda JSONPath utilizada por las insignias Dynamic JSON/Toml/Yaml. Esta vulnerabilidad permitir\u00eda a cualquier usuario con acceso hacer una solicitud a una URL en la instancia con la capacidad de ejecutar c\u00f3digo mediante la creaci\u00f3n de una expresi\u00f3n JSONPath maliciosa. Todos los usuarios que alojan por s\u00ed mismos una instancia son vulnerables. Este problema se solucion\u00f3 en server-2024-09-25. Aquellos que siguen las versiones etiquetadas deben actualizar a `server-2024-09-25` o posterior. Aquellos que siguen la etiqueta continua en DockerHub, `docker pull shieldsio/shields:next` para actualizar a la \u00faltima versi\u00f3n. Como workaround, bloquear el acceso a los endpoints `/badge/dynamic/json`, `/badge/dynamic/toml` y `/badge/dynamic/yaml` (por ejemplo: a trav\u00e9s de un firewall o proxy inverso frente a su instancia) evitar\u00eda que se acceda a los endpoints explotables."}], "id": "CVE-2024-47180", "lastModified": "2024-09-30T12:46:20.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-26T20:15:07.310", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/badges/shields/commit/ec1b6c8daccda075403c1688ac02603f7aaa50b2"}, {"source": "security-advisories@github.com", "url": "https://github.com/badges/shields/issues/10553"}, {"source": "security-advisories@github.com", "url": "https://github.com/badges/shields/pull/10551"}, {"source": "security-advisories@github.com", "url": "https://github.com/badges/shields/security/advisories/GHSA-rxvx-x284-4445"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}