Home > Vulnerability Database > CVE-2024-28114

Mend.io Vulnerability Database

CVE-2024-28114

Good to know:

Date: March 12, 2024

Peering Manager is a BGP session management tool. There is a Server Side Template Injection vulnerability that leads to Remote Code Execution in Peering Manager <=1.8.2. As a result arbitrary commands can be executed on the operating system that is running Peering Manager. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Python

Severity Score

8.1

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-28114

Url: https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection

Url: https://github.com/peering-manager/peering-manager/commit/8a865fb596c11ad7caf45aef317d8fcbce7f85ff

Url: https://github.com/peering-manager/peering-manager/security/advisories/GHSA-q37x-qfrx-jcv6

Url: https://owasp.org/www-community/attacks/Command_Injection

Url: https://stackoverflow.com/questions/73939573/how-to-sanitise-string-of-python-code-with-python

Url: https://www.mend.io/vulnerability-database/CVE-2024-28114

Severity Score

8.1

Weakness Type (CWE)

Injection

CWE-74

Top Fix

Upgrade Version

Upgrade to version v1.8.3

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-28114

Good to know:

Date: March 12, 2024

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?