Vulnerability Description
Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the user was not properly escaped. The variable not properly escaped is the "id", which is not directly accessible by users creating pipelines making the risk of exploiting this low. This issue only affects users using the Hop Server component and does not directly affect the client.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Hop Engine | < 2.8.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/03/18/1Mailing ListThird Party Advisory
- https://lists.apache.org/thread/ts203zssv1n9qth1wdlhk2bhos3vcq6tIssue TrackingMailing ListVendor Advisory
- http://www.openwall.com/lists/oss-security/2024/03/18/1Mailing ListThird Party Advisory
- https://lists.apache.org/thread/ts203zssv1n9qth1wdlhk2bhos3vcq6tIssue TrackingMailing ListVendor Advisory
FAQ
What is CVE-2024-24683?
CVE-2024-24683 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Se...
How severe is CVE-2024-24683?
CVE-2024-24683 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-24683?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Hop Engine.