Vulnerability Description
Qualys discovered that Module::ScanDeps before version 1.36 used unsanitized input in ways that allow a local attacker to execute arbitrary shell commands: the library open()s a "pesky pipe" (a "filename" such as "commands|", which Perl's two-argument open() treats as a command to run rather than a file to read), and it passes arbitrary strings to eval(). Any caller that feeds attacker-controlled paths to the library is exposed; the Qualys needrestart advisory listed in the references describes the scenario in which this was found.
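The mechanism in the description, as an added illustration that is not Module::ScanDeps's own code: in Perl, two-argument open() derives the mode from the string itself, so a "filename" ending in `|` is executed as a shell command, whereas three-argument open() with a fixed `<` mode takes the string literally; and string eval() compiles whatever it is handed, whereas block eval() runs only code already in the program. The input strings and function names below are constructed for the demonstration.

```perl
#!/usr/bin/env perl
# Illustrative example added to this page; not code from Module::ScanDeps.
use strict;
use warnings;

# Constructed attacker-controlled "filename". The trailing '|' is the
# "pesky pipe": two-argument open() reads it as "run this command and
# give me its stdout", not as a path.
my $untrusted_name = 'id|';

# VULNERABLE: two-argument open() parses the mode out of the string itself.
sub read_vulnerable {
    my ($name) = @_;
    open(my $fh, $name) or die "open '$name' failed: $!";   # executes `id`
    local $/;                                               # slurp mode
    my $data = <$fh>;
    close $fh;
    return $data;
}

# HARDENED: three-argument open() fixes the mode to read-only ('<'); the
# name is taken literally, so 'id|' is just a file that does not exist.
sub read_hardened {
    my ($name) = @_;
    open(my $fh, '<', $name) or return undef;
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Same class of bug with eval(): a string eval compiles and runs arbitrary
# Perl taken from the input. A block eval only runs code already written
# here, so the input is treated as data.
my $untrusted_code = 'print "string eval ran code from the input\n"; 42';

sub eval_string_vulnerable {
    my ($s) = @_;
    return eval $s;             # code injection: $s is compiled as Perl
}

sub eval_block_safe {
    my ($s) = @_;
    return eval { length $s };  # $s is only ever data here
}

print "two-arg open:   ", read_vulnerable($untrusted_name);
print "three-arg open: ",
    (defined read_hardened($untrusted_name) ? "opened a file\n" : "refused: $!\n");
print "string eval:    ", eval_string_vulnerable($untrusted_code), "\n";
print "block eval:     ", eval_block_safe($untrusted_code), "\n";
```

Run it and the first line prints the output of `id`, proving that the "filename" was executed; the three-argument form fails with "No such file or directory" instead. The same pattern applies to any Perl code that opens or evaluates paths it did not construct itself: audit for two-argument open() and string eval() on externally supplied values, and pass the mode explicitly.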
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| rschupp | Module::ScanDeps | < 1.36 |
| Debian | Debian Linux | 11.0 |
Related Weaknesses (CWE)
References
- https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v5 (Exploit, Vendor Advisory)
- https://www.cve.org/CVERecord?id=CVE-2024-10224 (Third Party Advisory)
- https://www.qualys.com/2024/11/19/needrestart/needrestart.txt (Exploit, Mitigation)
- http://seclists.org/fulldisclosure/2024/Nov/15
- http://seclists.org/fulldisclosure/2024/Nov/17
- https://lists.debian.org/debian-lts-announce/2024/11/msg00015.html (Mailing List)
- https://www.openwall.com/lists/oss-security/2024/11/19/1 (Exploit, Mailing List, Mitigation)
FAQ
What is CVE-2024-10224?
CVE-2024-10224 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Qualys discovered that Module::ScanDeps before version 1.36 used unsanitized input in ways that allow a local attacker to execute arbitrary shell commands, by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
How severe is CVE-2024-10224?
CVE-2024-10224 has been rated MEDIUM with a CVSS base score of 5.3/10. Only the base score is given on this page; the full CVSS vector is not listed here.
Is there a patch for CVE-2024-10224?
The fix is in Module::ScanDeps 1.36 (see the GitHub security advisory in the references). Debian 11.0 is also listed as affected; the debian-lts-announce message in the references covers the Debian update. Affected products: rschupp Module::ScanDeps, Debian Debian Linux.