Home > Vulnerability Database > CVE-2024-56333

Mend.io Vulnerability Database

CVE-2024-56333

Date: December 20, 2024

Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential consequences such as unauthorized access to other user environments and denial of service attacks. This issue has been patched in api versions 4.2.0, 3.1.1, and 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Java

Severity Score

8.8

Related Resources (4)

Url: https://docs.onyxia.sh/vulnerability-disclosure/known-vulnerabilities/vulnerability-20241219

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-56333

Url: https://github.com/InseeFrLab/onyxia/security/advisories/GHSA-qmcw-h4f9-j3h3

Url: https://www.mend.io/vulnerability-database/CVE-2024-56333

Severity Score

8.8

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-56333

Date: December 20, 2024

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?