VYPR
Critical severity9.8NVD Advisory· Published Mar 29, 2024· Updated Apr 15, 2026

CVE-2024-29640

CVE-2024-29640

Description

An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
aliyundrive-webdavcrates.io
<= 2.3.3
aliyundrive-webdavPyPI
<= 2.3.3

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.