Unrated severityNVD Advisory· Published Mar 12, 2024· Updated Aug 28, 2024

Remote Code Execution using Server Side Template Injection in Peering Manager

CVE-2024-28114

Description

Peering Manager is a BGP session management tool. There is a Server Side Template Injection vulnerability that leads to Remote Code Execution in Peering Manager <=1.8.2. As a result arbitrary commands can be executed on the operating system that is running Peering Manager. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products

Peering Manager/Peering Managerv5
Range: < 1.8.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/peering-manager/peering-manager/commit/8a865fb596c11ad7caf45aef317d8fcbce7f85ffmitrex_refsource_MISC
github.com/peering-manager/peering-manager/security/advisories/GHSA-q37x-qfrx-jcv6mitrex_refsource_CONFIRM
owasp.org/www-community/attacks/Command_Injectionmitrex_refsource_MISC
owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injectionmitrex_refsource_MISC
stackoverflow.com/questions/73939573/how-to-sanitise-string-of-python-code-with-pythonmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000