CVE-2024-13296

CVE-2024-13296: Mailjet - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-062

Vendor Drupal

Product Mailjet

Weakness CWE-502 · Unsafe deserialization

Published January 9, 2025

Last update January 10, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This issue affects Mailjet: from 0.0.0 before 4.0.1.

Key dates

02Disclosure timeline

January 9, 2025 CVE published

January 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-13296 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2016-15044 Kaltura < 11.1.0-2 PHP Object Injection RCE CVE-2021-1415 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities CVE-2026-24186 CVE-2024-12677 Delta Electronics DTM Soft Deserialization of Untrusted Data CVE-2025-24357 vLLM allows a malicious model RCE by torch.load in hf_model_weights_iterator