How severe is CVE-2024-38363?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.5 out of 10.

What type of vulnerability is CVE-2024-38363?

This is classified as CWE-1336, which is a common weakness in software security.

CVE-2024-38363

HIGH Year: 2024

CVSS v3 Score

8.5

High

Weakness Type

CWE-1336

View all →

Vulnerability Description

Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2.

CVE-2021-4315

HIGH

CVSS:8.8(High)

A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mod...

CWE-13362021

CVE-2023-27995

HIGH

CVSS:8.8(High)

A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a...

CWE-13362023

CVE-2024-30372

HIGH

CVSS:8.8(High)

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authe...

CWE-13362024

CVE-2024-46366

HIGH

CVSS:8.8(High)

A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead...

CWE-13362024

CVE-2024-52427

HIGH

CVSS:8.8(High)

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Even...

CWE-13362024

CVE-2024-6386

HIGH

CVSS:8.8(High)

The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation a...

CWE-13362024

CVE-2024-38363

Vulnerability Description

Related Vulnerabilities

CVE-2021-4315

CVE-2023-27995

CVE-2024-30372

CVE-2024-46366

CVE-2024-52427

CVE-2024-6386