CVE-2024-47764

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

Published: Oct 4, 2024 / Updated: 46d ago

CVSS 6.9 / EPSS 0.05% / Medium

Summary

The vulnerability affects the 'cookie' package, which is a basic HTTP cookie parser and serializer for HTTP servers. The issue allows the cookie name to be used to set other fields of the cookie, resulting in an unexpected cookie value. Similar escapes can be used for path and domain, which could be abused to alter other fields of the cookie.

Impact

This vulnerability can lead to improper neutralization of special elements in output used by a downstream component, classified as CWE-74 (Injection). Attackers could potentially manipulate cookie values, paths, and domains, leading to unexpected behavior in HTTP servers using this package. This could result in security issues such as session hijacking, cross-site scripting (XSS), or other injection-based attacks.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

A patch is available. Users should upgrade to version 0.7.0, which updates the validation for name, path, and domain.

Mitigation

1. Upgrade the 'cookie' package to version 0.7.0 or later.
2. If immediate upgrading is not possible, implement additional server-side validation for cookie names, paths, and domains.
3. Review and audit any custom code that interacts with cookies to ensure proper handling and sanitization.
4. Monitor server logs for any suspicious cookie manipulations.
5. Consider implementing additional security measures such as HTTP-only flags and secure flags for sensitive cookies.
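The following is an added illustration, not code from the npm 'cookie' package, of the defect class the Summary describes and of the "additional server-side validation" that mitigation step 2 recommends. A minimal serializer with a permissive printable-ASCII check on every field is placed beside one that validates the name against the RFC 6265 token grammar and the path and domain against their own attribute grammar. The regular expressions are this example's own transcription of the RFC grammar (an assumption, not the package's implementation), and the sample cookie name is constructed for the test.

```javascript
// Permissive check (the weak setting): any printable ASCII passes, so ';' and
// '=' inside a cookie *name* are accepted and land in the Set-Cookie header.
const LOOSE_FIELD_RE = /^[\u0020-\u007e]+$/;

// Strict checks transcribed from RFC 6265 section 4.1.1 (assumption: regexes
// written for this example, not taken from the library).
// cookie-name  = token  (RFC 7230 tchar: no separators, no ';', no '=', no SP)
const COOKIE_NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// cookie-value = *cookie-octet  = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
const COOKIE_VALUE_RE = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;
// path-value / domain-value = <any CHAR except CTLs or ";">
const ATTR_VALUE_RE = /^[\x20-\x3A\x3C-\x7E]*$/;

// Shared header assembly; only the validation in front of it differs.
function buildHeader(name, value, opts) {
  let header = `${name}=${value}`;
  if (opts.domain !== undefined) header += `; Domain=${opts.domain}`;
  if (opts.path !== undefined) header += `; Path=${opts.path}`;
  if (opts.httpOnly) header += '; HttpOnly';
  if (opts.secure) header += '; Secure';
  return header;
}

// Vulnerable form: name, value, path and domain only need to be printable ASCII.
function serializeLoose(name, value, opts = {}) {
  const fields = { name, value, domain: opts.domain, path: opts.path };
  for (const [field, v] of Object.entries(fields)) {
    if (v !== undefined && !LOOSE_FIELD_RE.test(v)) {
      throw new TypeError(`${field} is invalid`);
    }
  }
  return buildHeader(name, value, opts);
}

// Hardened form: each field is checked against its own grammar. This function
// can also be called on its own in front of any cookie-setting code path.
function validateCookieFields(name, value, opts = {}) {
  if (!COOKIE_NAME_RE.test(name)) {
    throw new TypeError('cookie name is not an RFC 6265 token');
  }
  if (!COOKIE_VALUE_RE.test(value)) {
    throw new TypeError('cookie value contains a forbidden octet');
  }
  if (opts.domain !== undefined && !ATTR_VALUE_RE.test(opts.domain)) {
    throw new TypeError('domain attribute contains a CTL or ";"');
  }
  if (opts.path !== undefined && !ATTR_VALUE_RE.test(opts.path)) {
    throw new TypeError('path attribute contains a CTL or ";"');
  }
}

function serializeStrict(name, value, opts = {}) {
  validateCookieFields(name, value, opts);
  return buildHeader(name, value, opts);
}

// Lists the attribute names a user agent will see in a Set-Cookie header;
// useful when auditing log lines for attributes the application never set.
function attributeNames(header) {
  return header
    .split(';')
    .slice(1)
    .map((part) => part.trim().split('=')[0].toLowerCase());
}

// Returns true when the strict serializer refuses the input with a TypeError.
function strictRejects(name, value, opts = {}) {
  try {
    serializeStrict(name, value, opts);
    return false;
  } catch (err) {
    return err instanceof TypeError;
  }
}

// Constructed sample: a cookie name carrying an extra attribute. The loose
// serializer accepts it and the resulting header gains a second Path the
// caller never set; the strict serializer rejects the same name outright.
const oddName = 'sid; Path=/admin';
const looseHeader = serializeLoose(oddName, 'abc', { path: '/', httpOnly: true });
// looseHeader === 'sid; Path=/admin=abc; Path=/; HttpOnly'
// attributeNames(looseHeader) → ['path', 'path', 'httponly']
// strictRejects(oddName, 'abc', { path: '/' }) → true
```

In an audit, `attributeNames` applied to emitted Set-Cookie headers gives a cheap detection signal for mitigation step 4: a header that carries the same attribute twice, or an attribute the application code never sets, points at a field that was not validated before serialization.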

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

Vendor Advisory

GitHub Advisories released a security advisory.

Oct 4, 2024 at 6:11 PM
CVE Assignment

NVD published the first details for CVE-2024-47764

Oct 4, 2024 at 8:15 PM
CVSS

A CVSS base score of 6.9 has been assigned.

Oct 4, 2024 at 8:20 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-47764.

Oct 4, 2024 at 8:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 4, 2024 at 8:21 PM
Vendor Advisory

RedHat CVE advisory released a security advisory (CVE-2024-47764).

Oct 4, 2024 at 9:00 PM
CVSS

A CVSS base score of 3.7 has been assigned.

Oct 4, 2024 at 9:00 PM / redhat-cve-advisories
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.3%)

Oct 5, 2024 at 10:04 AM
CVSS

A CVSS base score of 6.9 has been assigned.

Oct 7, 2024 at 5:51 PM / nvd

Affected Systems

Microsoft/cbl-mariner

Patches

GitHub Advisory

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

Vendor Advisory

CVE-2024-47764
Logging Subsystem for Red Hat OpenShift - openshift-logging/logging-view-plugin-rhel8 - Fix deferred
Red Hat OpenShift Container Platform 4 - openshift4/nmstate-console-plugin-rhel8 - Fix deferred

References

Multiple vulnerabilities in IBM Business Automation Insights
The vulnerability exists due to a boundary error when processing TIFF images within the rotateImage() function in /libtiff/tools/tiffcrop.c. A remote attacker can pass a specially crafted image to the application, trigger memory corruption and perform a denial of service (DoS) attack. The vulnerability exists due to a boundary error within the cpStripToTile() function in libtiff/tools/tiffcp.c. A remote attacker can pass a specially crafted TIFF image to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

News

Multiple vulnerabilities in IBM App Connect Enterprise
Vendor IBM Corporation Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Multiple vulnerabilities in IBM Security QRadar EDR
A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Minio Console update for third-party npm packages
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
CBL Mariner 2.0 Security Update: reaper (CVE-2024-47764)
The remote CBL Mariner host is missing one or more security updates. The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version.

CVSS V3.1

Unknown
