Critical severity9.6NVD Advisory· Published Aug 1, 2024· Updated Apr 15, 2026

CVE-2024-41961

Description

Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an eval sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.

Patches

49aea3b36508

https://github.com/sap-cloud-infrastructure/elektravia osv

8bce00be93b9

https://github.com/sap-cloud-infrastructure/elektravia osv

49aea3b36508

https://github.com/sapcc/elektravia osv

commit

8bce00be93b9

https://github.com/sapcc/elektravia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

cvss	0.624
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000