CVE-2024-28892 — Vulnetix

CVE-2024-28892 PUBLISHED CVSS 9.800000190734863 CRITICAL

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

EPSS 1.85% · 83.3th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.85%

83.3th percentile

Affected Products

Vendor	Product	Versions
github.com	mayuresh82/gocast	0, 0
mayuresh82	gocast	1.1.3, 1.1.3
GoCast	GoCast	1.1.3, 1.1.3
gocast	gocast	1.1.3, 1.1.3

Timeline

Nov 21, 2024 CVE Published
Nov 21, 2024 PoC Published
Nov 22, 2024 EPSS Score
Dec 20, 2024 Coalition ESS Score
Dec 28, 2024 EPSS Score
Jan 14, 2025 EPSS Score
Feb 18, 2025 EPSS Score
Mar 7, 2025 EPSS Score
Mar 23, 2025 EPSS Score
Mar 24, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 10, 2025 EPSS Score

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1960 url
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1960 url
https://nvd.nist.gov/vuln/detail/CVE-2024-28892 advisory
https://github.com/mayuresh82/gocast package

Open in Interactive Console →