Home > Vulnerability Database > CVE-2024-41961

Mend.io Vulnerability Database

CVE-2024-41961

Date: August 1, 2024

Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an "eval" sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.

Language: Ruby

Severity Score

9.6

Related Resources (5)

Url: https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d

Url: https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q

Url: https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-41961

Url: https://www.mend.io/vulnerability-database/CVE-2024-41961

Severity Score

9.6

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	9.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-41961

Date: August 1, 2024

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?