VDB
CISA-2024-28892
CISA-2024-28892
PUBLISHED
CVSS 9.8 CRITICAL
Reported by talos · Published November 21, 2024
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GoCast | GoCast | 1.1.3 |
| gocast | gocast | 1.1.3, 1.1.3 |
| GoCast | GoCast | 1.1.3, 1.1.3 |
Timeline
- Nov 21, 2024 CVE Published
- Nov 21, 2024 CVE Updated