Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 21 May 2025 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Tue, 19 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Jpress
Jpress jpress
Weaknesses CWE-94
CPEs cpe:2.3:a:jpress:jpress:*:*:*:*:*:*:*:*
Vendors & Products Jpress
Jpress jpress
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 18 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Description Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-11-19T15:16:25.828Z

Reserved: 2024-10-28T00:00:00

Link: CVE-2024-50919

cve-icon Vulnrichment

Updated: 2024-11-19T15:16:20.511Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-18T20:15:05.650

Modified: 2025-05-21T18:06:38.037

Link: CVE-2024-50919

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.