In Django versions 5.0 to 5.0.7 and 4.2 to 4.2.14, a low-severity vulnerability, CVE-2024-38875, was detected. This vulnerability allows attackers to cause a denial of service via certain inputs with a very large number of brackets. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38875/.
In the OpenSearch Dashboards Reporting plugin, a medium-severity vulnerability, CVE-2024-39900, was detected. A ‘Report Owner’ can export and share reports from OpenSearch Dashboards, potentially accessing private tenant resources like notebooks. The system didn’t verify whether the user was the resource author, leading to possible unauthorized data exposure. This issue is fixed in OpenSearch version 2.14. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39900.
In Airbyte versions up to 0.62.2, a high-severity vulnerability, CVE-2024-38363, was detected. This vulnerability allows attackers to execute arbitrary code on the server as the web server user. To address this issue, users must update to version 0.62.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38363/.
In Django versions before 4.2.14 and 5.0.7, a low-severity vulnerability, CVE-2024-39614, was detected. This vulnerability allows attackers to cause a denial of service by using specific characters in long strings. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39614/.
In Django versions before 4.2.14 and 5.0.7, a low-severity vulnerability, CVE-2024-39330, was detected. This vulnerability allows attackers to perform directory traversal via certain inputs. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39330/.
In Next.js versions prior to 13.5, a high-severity vulnerability, CVE-2024-39693, was detected. This vulnerability could crash servers, impacting their availability. To address this issue, users should upgrade to version 13.5 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39693.
In Node.js, a medium-severity vulnerability, CVE-2024-22020, was detected. This vulnerability allows bypassing network import restrictions by embedding non-network imports in data URLs, enabling arbitrary code execution. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-22020.
In Joomla versions 3.0.0-3.10.15-elts, 4.0.0-4.4.5, and 5.0.0-5.1.1, a low-severity vulnerability, CVE-2024-26279, was detected. This vulnerability allows attackers to access sensitive data via cross-site scripting. There is no fix for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-26279/.
In Joomla versions from 3.7.0 through 3.10.15, from 4.0.0 through 4.4.5, and from 5.0.0 through 5.1.1, a medium-severity vulnerability, CVE-2024-26278, was detected. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized actions or data theft. To fix this problem, users should upgrade Joomla to one of the following versions: 3.10.16, 4.4.6, or 5.1.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-26278.