How severe is CVE-2024-48866?

This vulnerability has a severity rating of LOW with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-48866?

This is classified as CWE-177, which is a common weakness in software security.

CVE-2024-48866

LOW Year: 2024

Weakness Type

CWE-177

View all →

Vulnerability Description

An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

CVE-2022-3854

MEDIUM

CVSS:6.5(Medium)

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.

CWE-1772022

CVE-2018-3718

MEDIUM

CVSS:5.3(Medium)

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.

CWE-1772018

CVE-2022-27780

MEDIUM

CVSS:5.3(Medium)

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.Fo...

CWE-1772022

CVE-2024-48866

Vulnerability Description

Related Vulnerabilities

CVE-2022-3854

CVE-2018-3718

CVE-2022-27780