{"vulnerability": "CVE-2024-5257", "sightings": [{"uuid": "60ef7aec-4c81-42ce-9c6e-ae11efe7f87b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52573", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113510756015313793", "content": "", "creation_timestamp": "2024-11-19T17:18:02.788921Z"}, {"uuid": "ab053abc-0ef6-44bc-a9a0-6a04b6d5d0f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52572", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1518/", "content": "", "creation_timestamp": "2024-11-19T06:00:00.000000Z"}, {"uuid": "40bcbbe0-a1ac-496b-b55e-fd0b3a0ae465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52570", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1522/", "content": "", "creation_timestamp": "2024-11-19T06:00:00.000000Z"}, {"uuid": "88123f96-29ff-4f18-9571-bb6aeca69a65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52571", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1526/", "content": "", "creation_timestamp": "2024-11-19T06:00:00.000000Z"}, {"uuid": "58857cf3-1632-44f5-bc7a-b7862ed26cc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52573", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1527/", "content": "", "creation_timestamp": "2024-11-19T06:00:00.000000Z"}, {"uuid": "33075b59-c359-4564-b642-4b2a5d4dc874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52574", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1519/", "content": "", "creation_timestamp": "2024-11-19T06:00:00.000000Z"}, {"uuid": "f50b320f-60df-41c5-ba0e-2899d4c8109a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52570", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-09", "content": "", "creation_timestamp": "2024-12-12T11:00:00.000000Z"}, {"uuid": "5a877ed2-5170-4a87-97c5-1110a0763251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52571", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-09", "content": "", "creation_timestamp": "2024-12-12T11:00:00.000000Z"}, {"uuid": "dcc2dba7-e6e3-4d1f-b420-31aed701cc2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52572", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-09", "content": "", "creation_timestamp": "2024-12-12T11:00:00.000000Z"}, {"uuid": "507a58e9-289e-443c-a6e2-52ba8c86e491", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52573", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-09", "content": "", "creation_timestamp": "2024-12-12T11:00:00.000000Z"}, {"uuid": "120c632b-f688-45b3-94ad-871c31d29758", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52574", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-09", "content": "", "creation_timestamp": "2024-12-12T11:00:00.000000Z"}, {"uuid": "855971e4-1ced-41ca-9744-edf66cda6cb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114001473833673567", "content": "", "creation_timestamp": "2025-02-14T09:14:02.397651Z"}, {"uuid": "183def2c-903b-40b3-8eaf-be8ef6f57209", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3li5hye64e62f", "content": "", "creation_timestamp": "2025-02-14T15:04:10.919690Z"}, {"uuid": "9bb269ed-55f5-4347-8dcd-750db81f2aba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114001657372921791", "content": "", "creation_timestamp": "2025-02-14T10:00:43.091118Z"}, {"uuid": "11846364-b864-4361-ac7f-122f848262a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li4xwo4tvb2s", "content": "", "creation_timestamp": "2025-02-14T10:16:54.592020Z"}, {"uuid": "44aef86c-a951-4948-93cd-664d95de022e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li4ziae6is2v", "content": "", "creation_timestamp": "2025-02-14T10:44:38.375043Z"}, {"uuid": "7707b56a-a98e-4246-b7c3-6595ed208c95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3liiuybevis2b", "content": "", "creation_timestamp": "2025-02-19T03:56:07.920517Z"}, {"uuid": "926ea989-3089-4f1e-bb7e-378487731bd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lidskqpcfs2s", "content": "", "creation_timestamp": "2025-02-17T03:29:24.601593Z"}, {"uuid": "b387e5d5-0e43-470a-8b36-93b51f37a3ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-52577", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lij3hmri3c26", "content": "", "creation_timestamp": "2025-02-19T05:52:01.893657Z"}, {"uuid": "24600c69-8106-4a06-a672-fa0f9fb66ea3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lijfadoegs2o", "content": "", "creation_timestamp": "2025-02-19T08:46:56.301017Z"}, {"uuid": "e9c3080f-9606-4b7f-bc4b-79ee209bed28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:44.000000Z"}, {"uuid": "83d858d6-4496-4cc2-8e9d-a70b4c46f480", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://bsky.app/profile/nihonmatsu.bsky.social/post/3lijnbkmguc2v", "content": "", "creation_timestamp": "2025-02-19T11:10:45.881906Z"}, {"uuid": "e4293f0c-ac3e-46a7-8e7a-eee93cb5ad64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lijxku22tk2a", "content": "", "creation_timestamp": "2025-02-19T14:14:55.076232Z"}, {"uuid": "8df4558e-1f76-49be-94c9-09101c456d0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5257", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mb2nyzfti22d", "content": "", "creation_timestamp": "2025-12-28T15:43:51.711083Z"}, {"uuid": "5dd620ee-0a1c-438c-91ac-d11189ec2b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5257", "type": "seen", "source": "https://t.me/true_secator/5957", "content": "GitLab \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 GitLab Community \u0438 Enterprise, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b \u043d\u0435\u043f\u0440\u0435\u0440\u044b\u0432\u043d\u043e\u0439 \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0438/\u043d\u0435\u043f\u0440\u0435\u0440\u044b\u0432\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f (CI/CD).\n\nCVE-2024-6385\u00a0\u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043e\u0446\u0435\u043d\u043a\u0443 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 CVSS 9,6 \u0438\u0437 10 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 GitLab CE/EE \u043e\u0442 15.8 \u0434\u043e 16.11.6, \u043e\u0442 17.0 \u0434\u043e 17.0.4 \u0438 \u043e\u0442 17.1 \u0434\u043e 17.1.2.\n\n\u041f\u0440\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0431\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430\u0445, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 GitLab \u0435\u0449\u0435 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u043b, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043e\u0448\u0438\u0431\u043a\u0443, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043d\u043e\u0432\u044b\u0439 \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0432 \u043a\u043e\u043d\u0446\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043f\u043e\u0445\u043e\u0436\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443 (CVE-2024-5655, \u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9,6), \u043a\u043e\u0442\u043e\u0440\u0443\u044e  \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 GitLab Community \u0438 Enterprise 17.1.2, 17.0.4 \u0438 16.11.6 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0432\u0441\u0435 \u0441\u0432\u043e\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c GitLab.com \u0438 GitLab Dedicated \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e.\n\n\u0412 \u044d\u0442\u0438\u0445 \u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0437\u0430\u043a\u0440\u044b\u0442\u0430 \u0434\u0440\u0443\u0433\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 (CVE-2024-5257, \u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 4,9), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e-\u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0443 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 admin_compliance_framework \u0438\u0437\u043c\u0435\u043d\u044f\u0442\u044c URL-\u0430\u0434\u0440\u0435\u0441 \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0441\u0442\u0432\u0430 \u0438\u043c\u0435\u043d \u0433\u0440\u0443\u043f\u043f\u044b.", "creation_timestamp": "2024-07-11T12:00:06.000000Z"}, {"uuid": "157a4e12-559f-4ec7-97d7-5ef48418dbb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "Telegram/dazz-4PtcEiY0S6Y3MuT-LXf5qLOhpWndl_ytuaNaekS-ZuU", "content": "", "creation_timestamp": "2025-02-14T21:08:29.000000Z"}, {"uuid": "536a3da4-1037-4233-be94-94a130c0853d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52579", "type": "seen", "source": "https://t.me/cvedetector/13244", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52579 - Misskey SSRF Vuln\", \n  \"Content\": \"CVE ID : CVE-2024-52579 \nPublished : Dec. 18, 2024, 8:15 p.m. | 36\u00a0minutes ago \nDescription : Misskey is an open source, federated social media platform. Some APIs using `HttpRequestService` do not properly check the target host. This vulnerability allows an attacker to send POST or GET requests to the internal server, which may result in a SSRF attack.It allows an attacker to send POST or GET requests (with some controllable URL parameters) to private IPs, enabling further attacks on internal servers. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T22:03:54.000000Z"}, {"uuid": "06b73f79-15a3-4ca5-824c-dbb6425d812c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5257", "type": "seen", "source": "https://t.me/cvedetector/644", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-5257 - An issue was discovered in GitLab CE/EE affecting\", \n  \"Content\": \"CVE ID : CVE-2024-5257 \nPublished : July 11, 2024, 7:15 a.m. | 38\u00a0minutes ago \nDescription : An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with `admin_compliance_framework` custom role may have been able to modify the URL for a group namespace. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-11T09:57:28.000000Z"}, {"uuid": "801fd986-1d39-473f-9302-71c5f123458d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://t.me/MalaysiaHacktivistz/2003", "content": "Critical Flaw in Apache Ignite (CVE-2024-52577) Allows Attackers to Execute Code Remotely \u2013 gbhackers.com\n\nWed, 19 Feb 2025 15:06:40", "creation_timestamp": "2025-02-19T09:03:53.000000Z"}, {"uuid": "32bb230d-5cde-44de-b43c-bcddd21f800c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/28296", "content": "Critical Flaw in Apache Ignite (CVE-2024-52577) Allows Attackers to Execute Code Remotely \u2013 gbhackers.com\n\nWed, 19 Feb 2025 15:06:40", "creation_timestamp": "2025-02-19T09:03:53.000000Z"}, {"uuid": "53506629-4db6-44f0-8543-3bf8e220f241", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4465", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52577\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side.\n\ud83d\udccf Published: 2025-02-14T12:31:38Z\n\ud83d\udccf Modified: 2025-02-14T18:06:46Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-52577\n2. https://github.com/apache/ignite/commit/f1d3579eabb2c6f5b11b94d58600afc497a8603d\n3. https://github.com/apache/ignite\n4. https://lists.apache.org/thread/1bst0n27m9kb3b6f6hvlghn182vqb2hh", "creation_timestamp": "2025-02-14T18:10:42.000000Z"}, {"uuid": "412ee13b-c033-4a42-849c-8c6bfcdab120", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://t.me/cvedetector/18085", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52577 - Apache Ignite Unvalidated Deserialization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52577 \nPublished : Feb. 14, 2025, 10:15 a.m. | 1\u00a0hour, 51\u00a0minutes ago \nDescription : In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T13:15:00.000000Z"}, {"uuid": "a24b13c2-2805-4d21-87ca-a1e7be7e9951", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/69", "content": "Critical Flaw in Apache Ignite (CVE-2024-52577) Allows Attackers to Execute Code Remotely \u2013 gbhackers.com\n\nWed, 19 Feb 2025 15:06:40", "creation_timestamp": "2025-02-19T08:03:53.000000Z"}, {"uuid": "762c41a4-ba49-42bd-ac5e-f20ed6106410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52572", "type": "seen", "source": "https://t.me/cvedetector/11358", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52572 - Tecnomatix Plant Simulation WRL File Stack Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52572 \nPublished : Nov. 18, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.  \nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486) \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T19:03:38.000000Z"}, {"uuid": "9fa24bc2-a03b-4f17-8c99-3afd2f0ba7ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52571", "type": "seen", "source": "https://t.me/cvedetector/11357", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52571 - Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52571 \nPublished : Nov. 18, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.  \nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485) \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T19:03:37.000000Z"}, {"uuid": "30438ac0-d482-4556-8a9b-f8b339bc3df0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52570", "type": "seen", "source": "https://t.me/cvedetector/11356", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52570 - \"Siemens Tecnomatix Out-of-Bounds Write Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-52570 \nPublished : Nov. 18, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.  \nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365) \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T19:03:36.000000Z"}, {"uuid": "8bcdea85-a9f9-4f8d-9441-ef78b19188f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52574", "type": "seen", "source": "https://t.me/cvedetector/11353", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52574 - Tecnomatix Plant Simulation WRL File Out-of-Bounds Read Underflow [(\"Arbitrary Code Execution\")]\", \n  \"Content\": \"CVE ID : CVE-2024-52574 \nPublished : Nov. 18, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.  \nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543) \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T19:03:34.000000Z"}, {"uuid": "2bcf281f-48bb-4b21-a784-7571e1f367a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52573", "type": "seen", "source": "https://t.me/cvedetector/11352", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52573 - \"Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-52573 \nPublished : Nov. 18, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.  \nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521) \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T19:03:32.000000Z"}, {"uuid": "e7d51976-5671-4e51-9996-5db1ce1d2c1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52577", "type": "seen", "source": "https://t.me/MalaysiaHacktivistz/8645", "content": "Critical Flaw in Apache Ignite (CVE-2024-52577) Allows Attackers to Execute Code Remotely \u2013 gbhackers.com\n\nWed, 19 Feb 2025 15:06:40", "creation_timestamp": "2025-02-19T09:03:53.000000Z"}]}