Home > Vulnerability Database > CVE-2024-24683

Mend.io Vulnerability Database

CVE-2024-24683

Good to know:

Date: March 19, 2024

Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the user was not properly escaped. The variable not properly escaped is the "id", which is not directly accessible by users creating pipelines making the risk of exploiting this low. This issue only affects users using the Hop Server component and does not directly affect the client.

Language: Java

Severity Score

4.3

Related Resources (4)

Url: http://www.openwall.com/lists/oss-security/2024/03/18/1

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-24683

Url: https://lists.apache.org/thread/ts203zssv1n9qth1wdlhk2bhos3vcq6t

Url: https://www.mend.io/vulnerability-database/CVE-2024-24683

Severity Score

4.3

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version org.apache.hop:hop-engine:2.8.0

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-24683

Good to know:

Date: March 19, 2024

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?