Low severityNVD Advisory· Published Jan 9, 2025· Updated Jan 10, 2025
CVE-2024-55224
CVE-2024-55224
Description
An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
vaultwardencrates.io | < 1.32.5 | 1.32.5 |
Affected products
2- Vaultwarden/Vaultwardendescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-g5x8-v2ch-gj2gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-55224ghsaADVISORY
- github.com/dani-garcia/vaultwarden/releases/tag/1.32.4ghsaWEB
- github.com/dani-garcia/vaultwarden/releases/tag/1.32.5ghsaWEB
- insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5ghsaWEB
- insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5/mitre
News mentions
0No linked articles in our index yet.