How severe is CVE-2024-24569?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2024-24569?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2024-24569

MEDIUM Year: 2024

CVSS v3 Score

4.8

Medium

Weakness Type

CWE-22

View all →

Vulnerability Description

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against path traversal, and have an exploit path. Although the control still protects attackers from escaping the application path into higher level directories (e.g., /etc/), it will allow "escaping" into sibling paths. For example, if your running path is /my/app/path you an attacker could navigate into /my/app/path-something-else. This vulnerability is patched in 1.1.2.

CVE-2015-9546

MEDIUM

CVSS:4.8(Medium)

An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker ca...

CWE-222015

CVE-2020-4240

MEDIUM

CVSS:4.8(Medium)

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbit...

CWE-222020

CVE-2022-20725

MEDIUM

CVSS:4.8(Medium)

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, ex...

CWE-222022

CVE-2022-24851

MEDIUM

CVSS:4.8(Medium)

LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are n...

CWE-222022

CVE-2024-8291

MEDIUM

CVSS:4.8(Medium)

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS...

CWE-222024

CVE-2017-10273

MEDIUM

CVSS:4.7(Medium)

Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3...

CWE-222017

CVE-2024-24569

Vulnerability Description

Related Vulnerabilities

CVE-2015-9546

CVE-2020-4240

CVE-2022-20725

CVE-2022-24851

CVE-2024-8291

CVE-2017-10273