CVE-2024-23692 - Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability
CVE-2024-23692
Rejetto | HTTP File Server
- Date Added:
- 2024-07-09
- Due Date:
- 2024-07-30
- Vulnerability Name
Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability
- Description
Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request.
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Additional Notes
- The patched Rejetto HTTP File Server (HFS) is version 3: https://github.com/rejetto/hfs?tab=readme-ov-file#installation, https://www.rejetto.com/hfs/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-23692
- Related News Articles
Free security scan for your website