CVE-2024-52010: Zoraxy has an authenticated command injection in the Web SSH feature
(updated )
A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host.
References
- github.com/advisories/GHSA-7hpf-g48v-hw3j
- github.com/tobychui/zoraxy
- github.com/tobychui/zoraxy/commit/2e9bc77a5d832bff1093058d42ce7a61382e4bc6
- github.com/tobychui/zoraxy/commit/c07d5f85dfc37bd32819358ed7d4bc32c604e8f0
- github.com/tobychui/zoraxy/security/advisories/GHSA-7hpf-g48v-hw3j
- nvd.nist.gov/vuln/detail/CVE-2024-52010
- pkg.go.dev/vuln/GO-2024-3267
Code Behaviors & Features
Detect and mitigate CVE-2024-52010 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →