CVE-2024-31411

CVE-2024-31411: Apache StreamPipes: Potential remote code execution (RCE) via file upload

Vendor Apache Software Foundation

Product Apache StreamPipes

Weakness CWE-434 · Unrestricted file upload

Published July 17, 2024

Last update September 13, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Key dates

Disclosure timeline

July 17, 2024 CVE published

September 13, 2024 Record updated