blob: 2d3b4c74cf8cc707f5da1cedfe9ce527d9dc8be9 [file] [log] [blame]
id: GO-2024-2462
modules:
- module: github.com/0xJacky/Nginx-UI
versions:
- fixed: 1.9.10-0.20231219184941-827e76c46e63
vulnerable_at: 1.9.10-0.20231219042952-0a9e23daf406
packages:
- package: github.com/0xJacky/Nginx-UI/api/system
symbols:
- GetSettings
- SaveSettings
summary: Arbitrary command execution in github.com/0xJacky/Nginx-UI
cves:
- CVE-2024-22198
ghsas:
- GHSA-8r25-68wm-jw35
credits:
- '@jorgectf'
references:
- fix: https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3
- advisory: https://github.com/advisories/GHSA-8r25-68wm-jw35
review_status: REVIEWED