How severe is CVE-2024-48909?

This vulnerability has a severity rating of LOW with a CVSS score of 2.4 out of 10.

What type of vulnerability is CVE-2024-48909?

This is classified as CWE-172, which is a common weakness in software security.

CVE-2024-48909

LOW Year: 2024

CVSS v3 Score

2.4

Low

Weakness Type

CWE-172

View all →

Vulnerability Description

SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their requests can return a permissionship of `CONDITIONAL` with context marked as missing, even then the context was supplied. LookupResources2 is the new default in SpiceDB 1.37.0 and has been opt-in since SpiceDB 1.35.0. The bug is patched as part of SpiceDB 1.37.1. As a workaround, disable LookupResources2 via the `--enable-experimental-lookup-resources` flag by setting it to `false`.

CVE-2021-33604

LOW

CVSS:2.5(Low)

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local us...

CWE-1722021

CVE-2018-7289

LOW

CVSS:3.3(Low)

An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will f...

CWE-1722018

CVE-2016-6691

CRITICAL

CVSS:9.8(Critical)

service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers to cause a denial of service (framework crash) or possibly hav...

CWE-1722016

CVE-2019-10160

CRITICAL

CVSS:9.8(Critical)

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which st...

CWE-1722019

CVE-2019-12677

HIGH

CVSS:7.7(High)

A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condi...

CWE-1722019

CVE-2025-27110

HIGH

CVSS:7.5(High)

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processi...

CWE-1722025