How severe is CVE-2024-39906?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.3 out of 10.

What type of vulnerability is CVE-2024-39906?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2024-39906 - HIGH Severity | CVSS 8.3

Vulnerability Description

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads to the immediate execution of the provided commands when the link is accessed by the authenticated administrator. This issue may lead to Remote Code Execution (RCE) and has been addressed by commit `c52f07c`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2019-9811

HIGH

CVSS:8.3(High)

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vu...

CWE-742019

CVE-2024-23830

HIGH

CVSS:8.3(High)

MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the ...

CWE-742024

CVE-2017-18786

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R...

CWE-742017

CVE-2017-18787

HIGH

CVSS:8.4(High)

CWE-742017

CVE-2017-18792

HIGH

CVSS:8.4(High)

NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection.

CWE-742017

CVE-2017-18794

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7...

CWE-742017