A medium-severity vulnerability, CVE-2024-7610, affects GitLab versions 15.9 before 17.0.6, 17.1 to 17.1.4, and 17.2 to 17.2.2. It allows an attacker to cause catastrophic backtracking (a denial-of-service condition) while GitLab parses results from Elasticsearch. To address the issue, upgrade GitLab to version 17.2.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7610.
A high-severity vulnerability, CVE-2024-41991, affects Django versions 5.0 before 5.0.8 and 4.2 before 4.2.15. It allows attackers to overload the system with a large amount of text, causing it to slow down or stop working. To fix this problem, upgrade Django to version 4.2.15 or 5.0.8, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-41991.
A high-severity vulnerability, CVE-2024-43044, affects Jenkins versions 2.470 and earlier and LTS 2.452.3 and earlier. It allows attackers to access and read any file on the main Jenkins server, potentially exposing sensitive information. To fix this problem, upgrade Jenkins to version 2.471 or LTS 2.452.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43044.
A high-severity vulnerability, CVE-2024-41990, affects Django versions 5.0 before 5.0.8 and 4.2 before 4.2.15. It allows attackers to crash the system or make it unresponsive by sending enormous amounts of data containing certain patterns. To fix this problem, upgrade Django to version 5.0.8 or 4.2.15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-41990.
A high-severity vulnerability, CVE-2024-41989, affects Django versions 5.0 before 5.0.8 and 4.2 before 4.2.15. It allows attackers to slow down or crash the system by sending a specially crafted number that consumes a large amount of memory. To fix this problem, upgrade Django to version 5.0.8 or 4.2.15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-41989.
A medium-severity vulnerability, CVE-2024-43045, affects Jenkins 2.470 and earlier and LTS 2.452.3 and earlier. The application skips a permission check on an HTTP endpoint, letting attackers with Overall/Read access view other users' "My Views". In Jenkins 2.471, LTS 2.452.4, and LTS 2.462.1, access to a user's "My Views" is restricted to the owning user and administrators. To address this issue, upgrade to version 2.471-r0 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43045.
A high-severity Server-Side Request Forgery (SSRF) vulnerability, CVE-2024-34111, affects Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. It allows attackers to force the application to make arbitrary requests, potentially leading to arbitrary file system reads. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34111.
A high-severity vulnerability, CVE-2024-34108, affects Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. This improper input validation vulnerability allows attackers to execute arbitrary code within the context of the current user. No user interaction is required for exploitation, but admin privileges are needed, and the CVSS scope is rated as changed. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34108.
A critical-severity vulnerability, CVE-2024-34107, affects Magento versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. It is an improper access control issue that allows attackers to bypass security measures and view minor unauthorized information. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34107.