Moderate severity · NVD Advisory · Published Mar 19, 2024 · Updated Feb 13, 2025

Apache Hop Engine: ID isn't escaped when generating HTML

CVE-2024-24683

Description

Improper Input Validation vulnerability in Apache Hop Engine. This issue affects Apache Hop Engine: before 2.8.0.

Users are recommended to upgrade to version 2.8.0, which fixes the issue.

When Hop Server writes links to the PrepareExecutionPipelineServlet page, one of the parameters provided to the user was not properly escaped. The unescaped variable is the "id", which is not directly accessible to users creating pipelines, making the risk of exploitation low.

This issue only affects users using the Hop Server component and does not directly affect the client.
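
The escaping gap described above, as an added Java example that is not Apache Hop's code: a link builder that concatenates the id as-is, beside one that URL-encodes each parameter and HTML-escapes the resulting attribute value. The class, method names, servlet path and sample id are assumptions made for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class LinkEscapingExample {

    // Placeholder path for illustration; not taken from the Hop code base.
    static final String PREPARE_PATH = "/example/prepare";

    // Before: name and id are concatenated into the markup unchanged, so any
    // quote or angle bracket in the id ends the href attribute early.
    static String unescapedLink(String name, String id) {
        return "<a href=\"" + PREPARE_PATH + "?name=" + name + "&id=" + id + "\">Prepare</a>";
    }

    // After: URL-encode each value for the query string, then HTML-escape the
    // whole href, because the "&" separators also need escaping in an attribute.
    static String escapedLink(String name, String id) {
        String href = PREPARE_PATH
            + "?name=" + URLEncoder.encode(name, StandardCharsets.UTF_8)
            + "&id=" + URLEncoder.encode(id, StandardCharsets.UTF_8);
        return "<a href=\"" + escapeHtml(href) + "\">Prepare</a>";
    }

    // Minimal HTML escaper covering the characters significant in text and
    // quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String id = "abc\"><i>injected</i>"; // constructed sample value
        System.out.println(unescapedLink("demo", id)); // markup from id reaches the page
        System.out.println(escapedLink("demo", id));   // id stays inside the href value
    }
}
```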

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| org.apache.hop:hop (Maven) | < 2.8.0 | 2.8.0 |
