CVE-2024-42370 | litestar up to 2.10.0 Environment Variable docs-preview.yml DOCS_PREVIEW_DEPLOY_TOKEN os command injection (GHSA-4hq2-rpgc-r8r7)

Posted by Angelo Barbosa | Aug 9, 2024 | CVE

A vulnerability was found in litestar up to 2.10.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file docs-preview.yml of the component Environment Variable Handler. The manipulation of the argument DOCS_PREVIEW_DEPLOY_TOKEN leads to os command injection.

This vulnerability is handled as CVE-2024-42370. The attack may be launched remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2024-42370 | litestar up to 2.10.0 Environment Variable docs-preview.yml DOCS_PREVIEW_DEPLOY_TOKEN os command injection (GHSA-4hq2-rpgc-r8r7)

Related Posts

CVE-2024-38082 | Microsoft Edge up to 126.0.2592.56 unknown vulnerability

CVE-2024-1794 | Forminator Plugin up to 1.29.0 on WordPress File Upload cross site scripting

CVE-2024-1533 | Averta Shortcodes and Extra Features for Phlox Theme up to 2.15.5 on WordPress cross site scripting

CVE-2024-21312 | Microsoft denial of service