How severe is CVE-2024-32980?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-32980?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2024-32980

CRITICAL Year: 2024

CVSS v3 Score

9.1

Critical

Weakness Type

CWE-610

View all →

Vulnerability Description

Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header. The following conditions need to be met for an application to be vulnerable: 1. The environment Spin is deployed in routes requests to the Spin runtime based on the request URL instead of the `Host` header, and leaves the `Host` header set to its original value; 2. The Spin application's component handling the incoming request is configured with an `allow_outbound_hosts` list containing `"self"`; and 3. In reaction to an incoming request, the component makes an outbound request whose URL doesn't include the hostname/port. Spin 2.4.3 has been released to fix this issue.

CVE-2022-27593

CRITICAL

CVSS:9.1(Critical)

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have al...

CWE-6102022

CVE-2021-27648

HIGH

CVSS:8.8(High)

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via ...

CWE-6102021

CVE-2021-30245

HIGH

CVSS:8.8(High)

The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link...

CWE-6102021

CVE-2021-43844

HIGH

CVSS:8.8(High)

MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user's default browser. MSEdgeRedirect versions before 0.5.0.1 are vulnerable to Remote Code Execution via specifical...

CWE-6102021

CVE-2022-24854

HIGH

CVSS:8.8(High)

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial c...

CWE-6102022

CVE-2024-45826

HIGH

CVSS:8.8(High)

CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can...

CWE-6102024

CVE-2024-32980

Vulnerability Description

Related Vulnerabilities

CVE-2022-27593

CVE-2021-27648

CVE-2021-30245

CVE-2021-43844

CVE-2022-24854

CVE-2024-45826