CVE-2024-7110

MEDIUM Year: 2024
CVSS v3 Score
6.4
Medium
Weakness Type
CWE-77
View all →

Vulnerability Description

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.

Related Vulnerabilities

CVE-2019-20659

MEDIUM
CVSS:6.4(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900...

CWE-772019

CVE-2019-20745

MEDIUM
CVSS:6.4(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.10.2 and WAC510 before 5.0.10.2.

CWE-772019

CVE-2023-49587

MEDIUM
CVSS:6.4(Medium)

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over ...

CWE-772023

CVE-2024-22546

MEDIUM
CVSS:6.4(Medium)

TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via ...

CWE-772024

CVE-2024-32884

MEDIUM
CVSS:6.4(Medium)

gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clon...

CWE-772024

CVE-2024-53526

MEDIUM
CVSS:6.4(Medium)

composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function.

CWE-772024