Common Weakness Enumeration

CWE-913

Allowed-with-Review

Improper Control of Dynamically-Managed Code Resources

Abstraction: Class · Status: Incomplete

The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

159 vulnerabilities reference this CWE, most recent first.

CVE-2025-13426 (GCVE-0-2025-13426)

Vulnerability from cvelistv5 – Published: 2025-12-05 21:27 – Updated: 2025-12-08 17:27
VLAI
Title
Improper Sandboxing in Google Apigee's JavaCallout Policy Allows for Remote Code Execution
Summary
A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute arbitrary Java code and system commands at runtime, leading to unauthorized access to data, lateral movement within the network, and access to backend systems. The Apigee hybrid versions below have all been updated to protect from this vulnerability: * Hybrid_1.11.2+ * Hybrid_1.12.4+ * Hybrid_1.13.3+ * Hybrid_1.14.1+ * OPDK_5202+ * OPDK_5300+
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
Impacted products
Vendor Product Version
Google Cloud Apigee hybrid Javacallout policy Affected: 0 , < Hybrid_1.11.2 (custom)
Affected: 0 , < Hybrid_1.12.4 (custom)
Affected: 0 , < Hybrid_1.13.3 (custom)
Affected: 0 , < Hybrid_1.14.1 (custom)
Affected: 0 , < OPDK_5202 (custom)
Affected: 0 , < OPDK_5300 (custom)
Create a notification for this product.
Credits
Nikita Markevich
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13426",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-08T17:27:37.360144Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-08T17:27:42.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apigee hybrid Javacallout policy",
          "vendor": "Google Cloud",
          "versions": [
            {
              "lessThan": "Hybrid_1.11.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "Hybrid_1.12.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "Hybrid_1.13.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "Hybrid_1.14.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "OPDK_5202",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "OPDK_5300",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nikita Markevich"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA vulnerability exists in Google \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.apigee.com/api-platform/reference/policies/java-callout-policy\"\u003eApigee\u0027s JavaCallout policy\u003c/a\u003e that allows for remote code execution.\u003c/p\u003eIt is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute arbitrary Java code and system commands at runtime,\u0026nbsp;leading to unauthorized access to data, lateral movement within the network, and access to backend systems.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eThe Apigee hybrid versions below have all been updated to protect from this vulnerability:\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cul\u003e\u003cli\u003eHybrid_1.11.2+\u003c/li\u003e\u003cli\u003eHybrid_1.12.4+\u003c/li\u003e\u003cli\u003eHybrid_1.13.3+\u003c/li\u003e\u003cli\u003eHybrid_1.14.1+\u003c/li\u003e\u003cli\u003eOPDK_5202+\u003c/li\u003e\u003cli\u003eOPDK_5300+\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "A vulnerability exists in Google  Apigee\u0027s JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy  that allows for remote code execution.\n\nIt is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute arbitrary Java code and system commands at runtime,\u00a0leading to unauthorized access to data, lateral movement within the network, and access to backend systems.\n\nThe Apigee hybrid versions below have all been updated to protect from this vulnerability:\n  *  Hybrid_1.11.2+\n  *  Hybrid_1.12.4+\n  *  Hybrid_1.13.3+\n  *  Hybrid_1.14.1+\n  *  OPDK_5202+\n  *  OPDK_5300+"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "CLEAR",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-05T21:27:13.711Z",
        "orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
        "shortName": "GoogleCloud"
      },
      "references": [
        {
          "url": "https://docs.cloud.google.com/apigee/docs/hybrid/release-notes#March_01_2025"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper Sandboxing in Google Apigee\u0027s JavaCallout Policy Allows for Remote Code Execution",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
    "assignerShortName": "GoogleCloud",
    "cveId": "CVE-2025-13426",
    "datePublished": "2025-12-05T21:27:13.711Z",
    "dateReserved": "2025-11-19T16:10:26.041Z",
    "dateUpdated": "2025-12-08T17:27:42.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9905 (GCVE-0-2025-9905)

Vulnerability from cvelistv5 – Published: 2025-09-19 08:16 – Updated: 2026-02-26 17:48
VLAI
Title
Arbitary Code execution in Keras load_model()
Summary
The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special .h5 archive file that uses the Lambda layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True option is not honored when reading .h5 archives. Note that the .h5/.hdf5 format is a legacy format supported by Keras 3 for backwards compatibility.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
Impacted products
Vendor Product Version
Keras-team Keras Affected: 3.0.0 , ≤ 3.11.2 (semver)
Create a notification for this product.
Credits
Gabriele Digregorio
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9905",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-20T03:55:41.389596Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:48:23.327Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keras-team/keras",
          "defaultStatus": "unaffected",
          "packageName": "keras",
          "product": "Keras",
          "repo": "https://github.com/keras-team/keras",
          "vendor": "Keras-team",
          "versions": [
            {
              "lessThanOrEqual": "3.11.2",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Gabriele Digregorio"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe Keras \u003ccode\u003eModel.load_model\u003c/code\u003e\u0026nbsp;method can be exploited to achieve arbitrary code execution, even with \u003ccode\u003esafe_mode=True\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eOne can create a specially crafted \u003ccode\u003e.h5\u003c/code\u003e/\u003ccode\u003e.hdf5\u003c/code\u003e\u0026nbsp;model archive that, when loaded via \u003ccode\u003eModel.load_model\u003c/code\u003e, will trigger arbitrary code to be executed.\u003c/p\u003e\u003cp\u003eThis is achieved by crafting a special \u003ccode\u003e.h5\u003c/code\u003e\u0026nbsp;archive file that uses the \u003ccode\u003eLambda\u003c/code\u003e\u0026nbsp;layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the \u003ccode\u003esafe_mode=True\u003c/code\u003e\u0026nbsp;option is not honored when reading \u003ccode\u003e.h5\u003c/code\u003e\u0026nbsp;archives.\u003c/p\u003e\u003cp\u003eNote that the \u003ccode\u003e.h5\u003c/code\u003e/\u003ccode\u003e.hdf5\u003c/code\u003e\u0026nbsp;format is a legacy format supported by Keras 3 for backwards compatibility.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "The Keras Model.load_model\u00a0method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\n\nOne can create a specially crafted .h5/.hdf5\u00a0model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.\n\nThis is achieved by crafting a special .h5\u00a0archive file that uses the Lambda\u00a0layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True\u00a0option is not honored when reading .h5\u00a0archives.\n\nNote that the .h5/.hdf5\u00a0format is a legacy format supported by Keras 3 for backwards compatibility."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-175",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-175 Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-19T08:16:44.772Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/keras-team/keras/pull/21602"
        },
        {
          "url": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Arbitary Code execution in Keras load_model()",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2025-9905",
    "datePublished": "2025-09-19T08:16:44.772Z",
    "dateReserved": "2025-09-03T07:27:18.212Z",
    "dateUpdated": "2026-02-26T17:48:23.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-6705 (GCVE-0-2025-6705)

Vulnerability from cvelistv5 – Published: 2025-06-27 14:57 – Updated: 2025-07-02 06:58
VLAI
Summary
A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new extension versions under any namespace, including those not controlled by an attacker. However, it did not permit deletion of existing extensions, overwriting of published versions, or access to administrative features of the registry. The issue was reported on May 4, 2025, fully resolved by June 24, and followed by a comprehensive audit. No evidence of compromise was found, though 81 extensions were proactively deactivated as a precaution. The standard publishing process remained unaffected. Recommendations have been issued to mitigate similar risks in the future.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-913 - Improper Control of Dynamically-Managed Code Resources
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
Impacted products
Vendor Product Version
Eclipse Foundation Eclipse Open VSX Registry Affected: date < 20250624 (custom)
Create a notification for this product.
Credits
Oren Yomtov (Koi Security)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6705",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-27T15:52:03.859232Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-27T15:52:29.798Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://open-vsx.org",
          "defaultStatus": "unaffected",
          "product": "Eclipse Open VSX Registry",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "date \u003c 20250624",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Oren Yomtov (Koi Security)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA vulnerability in the Eclipse Open VSX Registry\u2019s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system\u2019s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new extension versions under any namespace, including those not controlled by an attacker. However, it did not permit deletion of existing extensions, overwriting of published versions, or access to administrative features of the registry.\u003cbr\u003e\u003cbr\u003eThe issue was reported on May 4, 2025, fully resolved by June 24, and followed by a comprehensive audit. No evidence of compromise was found, though 81 extensions were proactively deactivated as a precaution. The standard publishing process remained unaffected. Recommendations have been issued to mitigate similar risks in the future.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability in the Eclipse Open VSX Registry\u2019s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system\u2019s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new extension versions under any namespace, including those not controlled by an attacker. However, it did not permit deletion of existing extensions, overwriting of published versions, or access to administrative features of the registry.\n\nThe issue was reported on May 4, 2025, fully resolved by June 24, and followed by a comprehensive audit. No evidence of compromise was found, though 81 extensions were proactively deactivated as a precaution. The standard publishing process remained unaffected. Recommendations have been issued to mitigate similar risks in the future."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653 Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-02T06:58:28.586Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://open-vsx.org"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/EclipseFdn/publish-extensions/pull/881"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2025-6705",
    "datePublished": "2025-06-27T14:57:06.595Z",
    "dateReserved": "2025-06-26T10:19:23.466Z",
    "dateUpdated": "2025-07-02T06:58:28.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6384 (GCVE-0-2025-6384)

Vulnerability from cvelistv5 – Published: 2025-06-19 20:57 – Updated: 2025-06-23 20:22
VLAI
Title
Improper Control of Dynamically-Managed Code Resources in Crafter Studio
Summary
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). This issue affects CrafterCMS: from 4.0.0 through 4.2.2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
Impacted products
Vendor Product Version
CrafterCMS CrafterCMS Affected: 4.0.0 , < 4.3.0 (semver)
Create a notification for this product.
Date Public
2025-06-19 20:45
Credits
Matei "Mal" Badanoiu
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6384",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-23T20:22:35.235439Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-23T20:22:46.218Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "packageName": "Studio",
          "platforms": [
            "MacOS",
            "Linux",
            "x86",
            "ARM",
            "64 bit"
          ],
          "product": "CrafterCMS",
          "vendor": "CrafterCMS",
          "versions": [
            {
              "lessThan": "4.3.0",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Matei \"Mal\" Badanoiu"
        }
      ],
      "datePublic": "2025-06-19T20:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.\u003c/p\u003e\u003cp\u003eBy inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution).\u003c/p\u003e\u003cp\u003eThis issue affects CrafterCMS: from 4.0.0 through 4.2.2.\u003c/p\u003e"
            }
          ],
          "value": "Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.\n\nBy inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution).\n\nThis issue affects CrafterCMS: from 4.0.0 through 4.2.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-253",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-253 Remote Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T20:57:04.714Z",
        "orgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd",
        "shortName": "crafter"
      },
      "references": [
        {
          "url": "https://docs.craftercms.org/current/security/advisory.html#cv-2025061901"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Improper Control of Dynamically-Managed Code Resources in Crafter Studio",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd",
    "assignerShortName": "crafter",
    "cveId": "CVE-2025-6384",
    "datePublished": "2025-06-19T20:57:04.714Z",
    "dateReserved": "2025-06-19T20:45:58.222Z",
    "dateUpdated": "2025-06-23T20:22:46.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6107 (GCVE-0-2025-6107)

Vulnerability from cvelistv5 – Published: 2025-06-16 05:00 – Updated: 2025-06-23 16:08
VLAI
Title
comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes
Summary
A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-915 - Dynamically-Determined Object Attributes
  • CWE-913 - Dynamically-Managed Code Resources
Assigner
References
Impacted products
Vendor Product Version
comfyanonymous comfyui Affected: 0.3.40
Create a notification for this product.
Credits
Jiacheng Zhong Zhengyu Liu Gavin Zhong (VulDB User) Gavin Zhong (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6107",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-16T17:52:30.960898Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-23T16:08:48.104Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "comfyui",
          "vendor": "comfyanonymous",
          "versions": [
            {
              "status": "affected",
              "version": "0.3.40"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jiacheng Zhong"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Zhengyu Liu"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Gavin Zhong (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Gavin Zhong (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in comfyanonymous comfyui 0.3.40 ausgemacht. Hiervon betroffen ist die Funktion set_attr der Datei /comfy/utils.py. Dank der Manipulation mit unbekannten Daten kann eine dynamically-determined object attributes-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-915",
              "description": "Dynamically-Determined Object Attributes",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-18T05:50:57.214Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-312576 | comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.312576"
        },
        {
          "name": "VDB-312576 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.312576"
        },
        {
          "name": "Submit #590921 | ComfyUI v0.3.40 Improperly Controlled Modification of Object Prototype Attribute",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.590921"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://gist.github.com/superboy-zjc/f71b84ed074260a5e459581caa2f1fb2"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/superboy-zjc/f71b84ed074260a5e459581caa2f1fb2#proof-of-concept"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-06-15T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-06-18T07:52:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-6107",
    "datePublished": "2025-06-16T05:00:10.834Z",
    "dateReserved": "2025-06-15T09:47:49.816Z",
    "dateUpdated": "2025-06-23T16:08:48.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27135 (GCVE-0-2024-27135)

Vulnerability from cvelistv5 – Published: 2024-03-12 18:18 – Updated: 2025-02-13 17:41
VLAI
Title
Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution
Summary
Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-913 - Improper Control of Dynamically-Managed Code Resources
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache Pulsar Affected: 2.4.0 , < 2.10.6 (semver)
Affected: 2.11.0 , < 2.11.4 (semver)
Affected: 3.0.0 , < 3.0.3 (semver)
Affected: 3.1.0 , < 3.1.3 (semver)
Affected: 3.2.0 , < 3.2.1 (semver)
Create a notification for this product.
apache pulsar Affected: 2.4.0 , < 2.10.6 (custom)
    cpe:2.3:a:apache:pulsar:2.4.0:*:*:*:*:*:*:*
Create a notification for this product.
apache pulsar Affected: 2.11.0 , < 2.11.4 (custom)
    cpe:2.3:a:apache:pulsar:2.11.0:-:*:*:*:*:*:*
Create a notification for this product.
apache pulsar Affected: 3.0.0 , < 3.0.3 (custom)
    cpe:2.3:a:apache:pulsar:3.0.0:-:*:*:*:*:*:*
Create a notification for this product.
apache pulsar Affected: 3.1.0 , < 3.1.3 (custom)
    cpe:2.3:a:apache:pulsar:3.1.0:-:*:*:*:*:*:*
Create a notification for this product.
apache pulsar Affected: 3.2.0 , < 3.2.1 (custom)
    cpe:2.3:a:apache:pulsar:3.2.0:-:*:*:*:*:*:*
Create a notification for this product.
Credits
Lari Hotari of StreamNative
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:pulsar:2.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pulsar",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "2.10.6",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:apache:pulsar:2.11.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pulsar",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "2.11.4",
                "status": "affected",
                "version": "2.11.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:apache:pulsar:3.0.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pulsar",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "3.0.3",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:apache:pulsar:3.1.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pulsar",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "3.1.3",
                "status": "affected",
                "version": "3.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:apache:pulsar:3.2.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pulsar",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "3.2.1",
                "status": "affected",
                "version": "3.2.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27135",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-13T14:22:47.701713Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-24T19:41:30.721Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:27:59.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/dh8nj2vmb2br6thjltq74lk9jxkz62wn"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://pulsar.apache.org/security/CVE-2024-27135/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/12/9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Pulsar",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.10.6",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.11.4",
              "status": "affected",
              "version": "2.11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.3",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.3",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.2.1",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lari Hotari of StreamNative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is configured with \"functionsWorkerEnabled=true\".\u003cbr\u003e\u003cbr\u003eThis issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. \u003cbr\u003e\u003cbr\u003e2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.\u003cbr\u003e2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.\u003cbr\u003e3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.\u003cbr\u003e3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.\u003cbr\u003e3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.\u003cbr\u003e\u003cbr\u003eUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.\u003cbr\u003e"
            }
          ],
          "value": "Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is configured with \"functionsWorkerEnabled=true\".\n\nThis issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. \n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.\n3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.\n3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.\n3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.\n\nUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "high"
            },
            "type": "Textual description of severity"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T17:08:59.095Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread/dh8nj2vmb2br6thjltq74lk9jxkz62wn"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://pulsar.apache.org/security/CVE-2024-27135/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/12/9"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-27135",
    "datePublished": "2024-03-12T18:18:06.720Z",
    "dateReserved": "2024-02-20T11:50:02.083Z",
    "dateUpdated": "2025-02-13T17:41:17.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7297 (GCVE-0-2024-7297)

Vulnerability from cvelistv5 – Published: 2024-07-30 16:13 – Updated: 2026-03-27 15:51
VLAI
Title
Langflow Privilege Escalation
Summary
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
Impacted products
Vendor Product Version
Affected: 0 , < 1.0.13 (python)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7297",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-30T18:01:37.251544Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T15:51:29.431Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:31.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2024-26"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.python.org",
          "defaultStatus": "unaffected",
          "packageName": "langflow",
          "repo": "https://github.com/langflow-ai/langflow",
          "versions": [
            {
              "lessThan": "1.0.13",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLangflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the \u0027/api/v1/users\u0027 endpoint.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the \u0027/api/v1/users\u0027 endpoint."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-77",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-77 Manipulating User-Controlled Variables"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-30T16:13:48.008Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/research/tra-2024-26"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Langflow Privilege Escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2024-7297",
    "datePublished": "2024-07-30T16:13:48.008Z",
    "dateReserved": "2024-07-30T15:07:37.840Z",
    "dateUpdated": "2026-03-27T15:51:29.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-5401 (GCVE-0-2024-5401)

Vulnerability from cvelistv5 – Published: 2025-12-04 14:20 – Updated: 2025-12-04 20:01
VLAI
Summary
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
Impacted products
Vendor Product Version
Synology DiskStation Manager (DSM) Affected: 7.2.2 , < 7.2.2-72806 (semver)
Affected: 7.2.1 , < 7.2.1-69057-2 (semver)
Unknown: 0 , < 7.2.1 (semver)
Create a notification for this product.
Synology Unified Controller (DSMUC) Affected: 3.1 , < 3.1.4-23079 (semver)
Unknown: 0 , < 3.1 (semver)
Create a notification for this product.
Credits
Vo Van Thong of GE Security (VNG) (https://www.linkedin.com/in/thongvv3/)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5401",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-04T18:55:17.873091Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-04T20:01:59.634Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "DiskStation Manager (DSM)",
          "vendor": "Synology",
          "versions": [
            {
              "lessThan": "7.2.2-72806",
              "status": "affected",
              "version": "7.2.2",
              "versionType": "semver"
            },
            {
              "lessThan": "7.2.1-69057-2",
              "status": "affected",
              "version": "7.2.1",
              "versionType": "semver"
            },
            {
              "lessThan": "7.2.1",
              "status": "unknown",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Unified Controller (DSMUC)",
          "vendor": "Synology",
          "versions": [
            {
              "lessThan": "3.1.4-23079",
              "status": "affected",
              "version": "3.1",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1",
              "status": "unknown",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Vo Van Thong of GE Security (VNG) (https://www.linkedin.com/in/thongvv3/)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-04T14:20:18.980Z",
        "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "shortName": "synology"
      },
      "references": [
        {
          "name": "Synology-SA-24:27 DSM",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_27"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
    "assignerShortName": "synology",
    "cveId": "CVE-2024-5401",
    "datePublished": "2025-12-04T14:20:18.980Z",
    "dateReserved": "2024-05-27T05:35:33.549Z",
    "dateUpdated": "2025-12-04T20:01:59.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-2537 (GCVE-0-2024-2537)

Vulnerability from cvelistv5 – Published: 2024-03-15 17:12 – Updated: 2024-08-01 19:18
VLAI
Title
Electron Code Injection in Logi Tune macOS Application
Summary
Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
References
Impacted products
Vendor Product Version
Logitech Logi Tune Unaffected: 3.5.249
Create a notification for this product.
Credits
Fatih ERDOGAN (ferdogan)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2537",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-19T15:26:00.720634Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:30:25.031Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:18:46.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/2376663"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MacOS"
          ],
          "product": "Logi Tune",
          "vendor": "Logitech",
          "versions": [
            {
              "status": "unaffected",
              "version": "3.5.249"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Fatih ERDOGAN (ferdogan)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion."
            }
          ],
          "value": "Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-251",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-251 Local Code Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-15T17:12:10.804Z",
        "orgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
        "shortName": "Logitech"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/2376663"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Electron Code Injection in Logi Tune macOS Application",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b573e801-1dd3-4adf-bd73-c9b814fbe067",
    "assignerShortName": "Logitech",
    "cveId": "CVE-2024-2537",
    "datePublished": "2024-03-15T17:12:10.804Z",
    "dateReserved": "2024-03-15T16:56:21.392Z",
    "dateUpdated": "2024-08-01T19:18:46.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50386 (GCVE-0-2023-50386)

Vulnerability from cvelistv5 – Published: 2024-02-09 17:28 – Updated: 2025-04-24 15:47
VLAI
Title
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Summary
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
  • CWE-913 - Improper Control of Dynamically-Managed Code Resources
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache Solr Affected: 6.0.0 , ≤ 8.11.2 (semver)
Affected: 9.0.0 , < 9.4.1 (semver)
Create a notification for this product.
apache solr Affected: 6.0.0
    cpe:2.3:a:apache:solr:6.0.0:*:*:*:*:*:*:*
Create a notification for this product.
Credits
L3yx
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:solr:6.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "solr",
            "vendor": "apache",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-50386",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-30T04:00:07.946189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-24T15:47:50.228Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/02/09/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Solr",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "8.11.2",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "9.4.1",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "L3yx"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.\u003cp\u003eThis issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.\u003c/p\u003eIn the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API.\u003cbr\u003eWhen backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups).\u003cbr\u003eIf the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted.\u003cbr\u003e\u003cbr\u003eWhen Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.\u003cbr\u003eIn these versions, the following protections have been added:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.\u003c/li\u003e\u003cli\u003eThe Backup API restricts saving backups to directories that are used in the ClassLoader.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.\n\nIn the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API.\nWhen backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups).\nIf the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted.\n\nWhen Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries.\nUsers are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.\nIn these versions, the following protections have been added:\n\n  *  Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.\n  *  The Backup API restricts saving backups to directories that are used in the ClassLoader."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-09T17:30:10.403Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/02/09/1"
        }
      ],
      "source": {
        "defect": [
          "SOLR-16949"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-50386",
    "datePublished": "2024-02-09T17:28:51.290Z",
    "dateReserved": "2023-12-07T17:14:22.179Z",
    "dateUpdated": "2025-04-24T15:47:50.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation

Strategy: Input Validation

For any externally-influenced input, check the input against an allowlist of acceptable values.

Mitigation
Implementation Architecture and Design

Strategy: Refactoring

Refactor the code so that it does not need to be dynamically managed.

No CAPEC attack patterns related to this CWE.