How severe is CVE-2024-21571?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-21571?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2024-21571 - HIGH Severity | CVSS 8.1

Vulnerability Description

Snyk has identified a remote code execution (RCE) vulnerability in all versions of Code Agent. The vulnerability enables an attacker to execute arbitrary code within the Code Agent container. Exploiting this vulnerability would require an attacker to have network access to the Code Agent within the deployment environment. External exploitation of this vulnerability is unlikely and depends on both misconfigurations of the cluster and/or chaining with another vulnerability. However, internal exploitation (with a cluster misconfiguration) could still be possible.

Related Vulnerabilities

CVE-2009-2529

HIGH

CVSS:8.1(High)

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted H...

CWE-942009

CVE-2010-0248

HIGH

CVSS:8.1(High)

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly init...

CWE-942010

CVE-2010-0492

HIGH

CVSS:8.1(High)

Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and des...

CWE-942010

CVE-2012-1879

HIGH

CVSS:8.1(High)

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "i...

CWE-942012

CVE-2013-0810

HIGH

CVSS:8.1(High)

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, ak...

CWE-942013

CVE-2013-2115

HIGH

CVSS:8.1(High)

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A...

CWE-942013