Unrated severityNVD Advisory· Published Oct 29, 2020· Updated Aug 4, 2024
Client-Side Command Injection in Rapid7 Metasploit
CVE-2020-7384
Description
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2≤ 6.0.11+ 1 more
- (no CPE)range: ≤ 6.0.11
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.htmlmitrex_refsource_MISC
- packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.htmlmitrex_refsource_MISC
- github.com/rapid7/metasploit-framework/pull/14288mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.