Skip to content

aliyundrive-webdav vulnerable to Command Injection

High severity GitHub Reviewed Published Mar 29, 2024 to the GitHub Advisory Database • Updated Mar 29, 2024

Package

cargo aliyundrive-webdav (Rust)

Affected versions

<= 2.3.3

Patched versions

None
pip aliyundrive-webdav (pip)
<= 2.3.3
None

Description

An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component.

References

Published by the National Vulnerability Database Mar 29, 2024
Published to the GitHub Advisory Database Mar 29, 2024
Reviewed Mar 29, 2024
Last updated Mar 29, 2024

Severity

High

EPSS score

0.046%
(18th percentile)

Weaknesses

CVE ID

CVE-2024-29640

GHSA ID

GHSA-73v2-rxqp-7q4f

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.