How severe is CVE-2024-45798?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2024-45798?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2024-45798 - CRITICAL Severity | CVSS 9.9

Vulnerability Description

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml` workflow (`GHSL-2024-169`) and environment Variable injection (`GHSL-2024-170`). These issue have been addressed but users are advised to verify the contents of the downloaded artifacts.

Related Vulnerabilities

CVE-2018-20162

CRITICAL

CVSS:9.9(Critical)

Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary command...

CWE-202018

CVE-2021-3781

CRITICAL

CVSS:9.9(Critical)

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document ...

CWE-202021

CVE-2021-43779

CRITICAL

CVSS:9.9(Critical)

GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability...

CWE-202021

CVE-2022-0415

CRITICAL

CVSS:9.9(Critical)

Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.

CWE-202022

CVE-2022-26780

CRITICAL

CVSS:9.9(Critical)

Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code executio...

CWE-202022

CVE-2022-26781

CRITICAL

CVSS:9.9(Critical)

CWE-202022