In GitLab versions from 16.10.0 to 16.11.3 a low severity vulnerability CVE-2024-5469 was detected. This vulnerability allows attackers to crash KAS via crafted gRPC requests. There is no solution for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5469/.
In WooCommerce 8.8 a medium severity vulnerability CVE-2024-37297 was detected. Attackers can exploit links to add harmful code that steals browser data. The Sourcebuster.js library reads and improperly inserts URL content into forms. To address this issue, users should update WooCommerce to version 8.8.5 or 8.9.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37297.
In Kibana versions from 8.6.3 through 8.13.4 a medium severity vulnerability CVE-2024-37279 was detected. The vulnerability allows users who only have permission to view alerting features to improperly use the run_soon API. This could lead to alerting rules with complex queries running continuously, which can slow down the system. To address this issue, users should upgrade to version 8.14.0 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37279.
In MongoDB Server versions before 7.0.6, 6.0.14, and 5.0.25 a high severity vulnerability CVE-2024-3372 was detected. Improper metadata validation can cause MongoDB Server to incorrectly serialize BSON, resulting in unexpected behavior and serverStatus response issues. To address this issue, users should upgrade MongoDB to version 5.0.25, 6.0.14, 7.0.6, 7.2.1 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-3372.
In the HTTP server of the latest Node.js version a medium severity vulnerability CVE-2024-27982 was detected. This vulnerability affects the way the server processes headers. If an attacker adds a space before the “content-length” header, the server misinterprets it. This mistake lets attackers hide a second request inside the first one, which can lead to HTTP request smuggling. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-27982.
In SuiteCRM versions prior to 7.14.4 and prior to 8.6.1 a critical severity vulnerability CVE-2024-36410 was detected. Poor input validation in the EmailUIAjax messages count controller lets attackers exploit the system by inserting harmful SQL commands. This issue was resolved in versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36410/.
In Strapi versions prior to 4.24.2 a high severity vulnerability CVE-2024-34065 was detected. Attackers can bypass authentication and steal third-party tokens with just one click. Upgrade to version 4.24.2 to fix this. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34065/.
In Strapi a medium severity vulnerability CVE-2024-31217 was detected. This vulnerability allows attackers to upload media and cause the server to crash without restarting. To address this issue, users should upgrade Strapi to version 4.22.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-31217/.
In SuiteCRM version 8.6.1 a medium severity vulnerability CVE-2024-36419 was detected. This vulnerability allows attackers to simplify phishing attacks. To address this issue, users must install the patch for version 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36419/.