VDB
RHSA-2024%3A3550
RHSA-2024%3A3550
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | HawtIO 4.0.0 for Red Hat build of Apache Camel 4 |
Timeline
- Jun 3, 2024 CVE Published
- Apr 24, 2026 CVE Updated
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2024:3550 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2265161 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2265172 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2266921 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2269576 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2272907 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3550.json advisory
- https://access.redhat.com/security/cve/CVE-2023-42282 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-42282 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-42282 advisory
- https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html advisory
- https://access.redhat.com/security/cve/CVE-2023-51775 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-51775 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-51775 advisory
- https://access.redhat.com/security/cve/CVE-2024-22234 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-22234 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-22234 advisory
- https://spring.io/security/cve-2024-22234 advisory
- https://access.redhat.com/security/cve/CVE-2024-28849 advisory
…and 10 more