Home > Vulnerability Database > CVE-2024-53982

Mend.io Vulnerability Database

CVE-2024-53982

Date: December 4, 2024

ZOO-Project is a C-based WPS (Web Processing Service) implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is performed in this parameter, which allows an attacker to fully control the file which is returned in the response. Patch was committed in November 22nd, 2024.

Language: C

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-53982

Url: https://github.com/ZOO-Project/ZOO-Project/security/advisories/GHSA-93rv-45r8-h5j4

Url: https://github.com/ZOO-Project/ZOO-Project/commit/641cb18fec58de43a3468f314e5f8808c560e6d9

Url: https://www.mend.io/vulnerability-database/CVE-2024-53982

Severity Score

7.5

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-53982

Date: December 4, 2024

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?