CVE-2024-57189 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-57189

CVE-2024-57189

June 10, 2025

In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.

Affected Packages

https://github.com/erxes/erxes.git (GITHUB):

Affected version(s) >=0.1.0 <1.6.2

Fix Suggestion:

Update to version 1.6.2

erxes (NPM):

Affected version(s) >=0.0.1 <1.6.2

Fix Suggestion:

Update to version 1.6.2

Related Resources (5)

https://github.com/erxes/erxes/commit/d626070a0fcd435ae29e689aca051ccfb440c2f3

https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices

https://nvd.nist.gov/vuln/detail/CVE-2024-57189

https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices/

https://github.com/erxes/erxes

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

Exploit Maturity

POC

CVSS v3

Base Score:

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Path Traversal: '../filedir'

CWE-24

EPSS

Base Score:

0.12

Products

Solutions

Resources

Company

Compare

Developer Tools