{"vulnerability": "cve-2024-2709", "sightings": [{"uuid": "77c47e7f-40de-4bba-9fb0-3143ab38b757", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27099", "type": "seen", "source": "Telegram/plJ6PqV0PDiIca0wBxsQEqKE9c6ZPhzra95BPR4-57UuGwYd", "content": "", "creation_timestamp": "2025-02-14T21:08:30.000000Z"}, {"uuid": "f4fe72ce-78e6-427a-905b-ed2689eb53ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27095", "type": "seen", "source": "https://t.me/cvedetector/582", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-27095 - Decidim is a participatory democracy framework. Th\", \n  \"Content\": \"CVE ID : CVE-2024-27095 \nPublished : July 10, 2024, 7:15 p.m. | 26\u00a0minutes ago \nDescription : Decidim is a participatory democracy framework. The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-10T21:49:16.000000Z"}, {"uuid": "b9df8a49-e7e6-4b13-b742-72a5b124a1d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27090", "type": "seen", "source": "https://t.me/cvedetector/579", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-27090 - Decidim is a participatory democracy framework, wr\", \n  \"Content\": \"CVE ID : CVE-2024-27090 \nPublished : July 10, 2024, 7:15 p.m. | 26\u00a0minutes ago \nDescription : Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded (such as a Participatory Process, an Assembly, a Proposal, a Result, etc), then some data of this resource could be accessed. This vulnerability is fixed in 0.27.6. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-10T21:49:10.000000Z"}, {"uuid": "b999910d-bc2e-4628-9e8e-55615f57f3f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27098", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5564", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Quarkslab \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u043b\u0438, \u043a\u0430\u043a \u0432 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u043f\u0435\u043d\u0442\u0435\u0441\u0442\u0430 \u0438\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0432\u0437\u043b\u043e\u043c\u0430\u0442\u044c \u0446\u0435\u043b\u0435\u0432\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0432\u043d\u043e\u0432\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u043c SSRF \u0438 SQL \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0432 GLPI, \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u043c \u043f\u0430\u043a\u0435\u0442\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0430\u043a\u0442\u0438\u0432\u0430\u043c\u0438 \u0438 \u0418\u0422.\n\n\u041f\u043e\u043f\u0430\u0432 \u0432\u043e \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u044e\u044e \u0441\u0435\u0442\u044c \u0438 \u043f\u043e\u0441\u043b\u0435 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0432 \u043f\u043e\u043b\u0435 \u0437\u0440\u0435\u043d\u0438\u044f \u043f\u043e\u043f\u0430\u043b \u0441\u0435\u0440\u0432\u0435\u0440 GLPI \u0432\u0435\u0440\u0441\u0438\u0438 10.0.10, \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 \u043a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e CVE.\n\n\u041d\u043e \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u0441\u043f\u0443\u0441\u0442\u044f \u0431\u044b\u043b\u0430 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430 CVE-2023-43813, \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0432\u0448\u0430\u044f \u0438\u0437\u0443\u0447\u0430\u0435\u043c\u044b\u0439 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440. \u041a\u0430\u043a \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 10.0.0 \u0438 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 10.0.11, \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u043d\u0443\u044e \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u043f\u043e\u0438\u0441\u043a\u0430 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 PoC, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 NIST \u0441\u043c\u043e\u0433\u043b\u0438 \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u0442\u044c \u043f\u0430\u0442\u0447 \u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c, \u0447\u0442\u043e \u0432\u043d\u0435\u0441\u0435\u043d\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0445\u043e\u0442\u044c \u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438, \u043d\u043e \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u043a\u043e\u0434.\n\n\u041f\u043e\u0441\u043b\u0435 \u0431\u043e\u043b\u0435\u0435 \u0433\u043b\u0443\u0431\u043e\u043a\u043e\u0433\u043e \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u044f Quarkslab \u0437\u0430 \u0441\u0443\u0442\u043a\u0438 \u043f\u0440\u0438\u0448\u043b\u0438 \u043a \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044e \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0430 \u0434\u043b\u044f SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 (CVE-2024-27096, CVSS 8,5) \u0438 SSRF \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 (CVE-2024-27098, CVSS 5,1).\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043e\u0447\u0438\u0441\u0442\u043a\u043e\u0439 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b SQL \u0432 \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0447\u0435\u0440\u0435\u0437 \u0437\u0430\u043f\u0440\u043e\u0441, \u0447\u0442\u043e \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c.\n\n\u0414\u0440\u0443\u0433\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c SSRF-\u0430\u0442\u0430\u043a\u0438 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u043c \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438, \u0438\u043b\u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043d\u0430 \u0434\u0440\u0443\u0433\u0438\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u0431\u044b\u043b\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u044b \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0443 \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2024 \u0433\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0438 \u043f\u0440\u0438\u0441\u0432\u043e\u0438\u043b CVE, \u0430 \u0432 \u043c\u0430\u0440\u0442\u0435 \u0432\u044b\u0448\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 GLPI 10.0.13, \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0435\u0439 \u0442\u0430\u043a\u0436\u0435 \u0440\u044f\u0434 \u0434\u0440\u0443\u0433\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f, \u043c\u0435\u0440 \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0446\u0434\u0435\u043d\u043d\u044b\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u043d\u0435 \u043f\u0440\u0435\u0434\u0443\u0441\u043c\u043e\u0442\u0440\u0435\u043d\u043e.", "creation_timestamp": "2024-03-25T18:27:05.000000Z"}, {"uuid": "b10f21b8-309b-4119-b79f-648053675107", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27096", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5564", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Quarkslab \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u043b\u0438, \u043a\u0430\u043a \u0432 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u043f\u0435\u043d\u0442\u0435\u0441\u0442\u0430 \u0438\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0432\u0437\u043b\u043e\u043c\u0430\u0442\u044c \u0446\u0435\u043b\u0435\u0432\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0432\u043d\u043e\u0432\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u043c SSRF \u0438 SQL \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0432 GLPI, \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u043c \u043f\u0430\u043a\u0435\u0442\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0430\u043a\u0442\u0438\u0432\u0430\u043c\u0438 \u0438 \u0418\u0422.\n\n\u041f\u043e\u043f\u0430\u0432 \u0432\u043e \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u044e\u044e \u0441\u0435\u0442\u044c \u0438 \u043f\u043e\u0441\u043b\u0435 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0432 \u043f\u043e\u043b\u0435 \u0437\u0440\u0435\u043d\u0438\u044f \u043f\u043e\u043f\u0430\u043b \u0441\u0435\u0440\u0432\u0435\u0440 GLPI \u0432\u0435\u0440\u0441\u0438\u0438 10.0.10, \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 \u043a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e CVE.\n\n\u041d\u043e \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u0441\u043f\u0443\u0441\u0442\u044f \u0431\u044b\u043b\u0430 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430 CVE-2023-43813, \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0432\u0448\u0430\u044f \u0438\u0437\u0443\u0447\u0430\u0435\u043c\u044b\u0439 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440. \u041a\u0430\u043a \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 10.0.0 \u0438 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 10.0.11, \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u043d\u0443\u044e \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u043f\u043e\u0438\u0441\u043a\u0430 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 PoC, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 NIST \u0441\u043c\u043e\u0433\u043b\u0438 \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u0442\u044c \u043f\u0430\u0442\u0447 \u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c, \u0447\u0442\u043e \u0432\u043d\u0435\u0441\u0435\u043d\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0445\u043e\u0442\u044c \u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438, \u043d\u043e \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u043a\u043e\u0434.\n\n\u041f\u043e\u0441\u043b\u0435 \u0431\u043e\u043b\u0435\u0435 \u0433\u043b\u0443\u0431\u043e\u043a\u043e\u0433\u043e \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u044f Quarkslab \u0437\u0430 \u0441\u0443\u0442\u043a\u0438 \u043f\u0440\u0438\u0448\u043b\u0438 \u043a \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044e \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0430 \u0434\u043b\u044f SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 (CVE-2024-27096, CVSS 8,5) \u0438 SSRF \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 (CVE-2024-27098, CVSS 5,1).\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043e\u0447\u0438\u0441\u0442\u043a\u043e\u0439 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b SQL \u0432 \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0447\u0435\u0440\u0435\u0437 \u0437\u0430\u043f\u0440\u043e\u0441, \u0447\u0442\u043e \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043f\u043e\u043b\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c.\n\n\u0414\u0440\u0443\u0433\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c SSRF-\u0430\u0442\u0430\u043a\u0438 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u043c \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438, \u0438\u043b\u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043d\u0430 \u0434\u0440\u0443\u0433\u0438\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u0431\u044b\u043b\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u044b \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0443 \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2024 \u0433\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432 \u0444\u0435\u0432\u0440\u0430\u043b\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0438 \u043f\u0440\u0438\u0441\u0432\u043e\u0438\u043b CVE, \u0430 \u0432 \u043c\u0430\u0440\u0442\u0435 \u0432\u044b\u0448\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 GLPI 10.0.13, \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0435\u0439 \u0442\u0430\u043a\u0436\u0435 \u0440\u044f\u0434 \u0434\u0440\u0443\u0433\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f, \u043c\u0435\u0440 \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0446\u0434\u0435\u043d\u043d\u044b\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u043d\u0435 \u043f\u0440\u0435\u0434\u0443\u0441\u043c\u043e\u0442\u0440\u0435\u043d\u043e.", "creation_timestamp": "2024-03-25T18:27:05.000000Z"}, {"uuid": "87e24085-deab-49c0-a4ab-122262d8be43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27097", "type": "seen", "source": "https://t.me/ctinow/207225", "content": "https://ift.tt/IA8difg\nCVE-2024-27097", "creation_timestamp": "2024-03-13T22:26:45.000000Z"}, {"uuid": "7b9bd34d-c632-4f96-9916-45cf0f44f574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27092", "type": "seen", "source": "https://t.me/ctinow/207653", "content": "https://ift.tt/J9dINs3\nCVE-2024-27092 | Hoppscotch prior 2023.12.6 TeamName input validation", "creation_timestamp": "2024-03-14T11:51:46.000000Z"}, {"uuid": "41834c8b-9719-4613-ac04-1c8b58e2d78f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27097", "type": "seen", "source": "https://t.me/ctinow/207243", "content": "https://ift.tt/IA8difg\nCVE-2024-27097", "creation_timestamp": "2024-03-13T22:31:45.000000Z"}, {"uuid": "c8dfc461-76fb-4f04-be7e-361c76035297", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27098", "type": "seen", "source": "https://t.me/ctinow/210827", "content": "https://ift.tt/lW09AUp\nCVE-2024-27098", "creation_timestamp": "2024-03-18T18:26:44.000000Z"}, {"uuid": "5986cf2b-bccb-4f2d-aa26-2905e1a78274", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27096", "type": "seen", "source": "https://t.me/ctinow/210826", "content": "https://ift.tt/ky4GfVj\nCVE-2024-27096", "creation_timestamp": "2024-03-18T18:26:43.000000Z"}, {"uuid": "4dc60a62-0c83-44af-b9dd-4fa8767494b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27098", "type": "seen", "source": "https://t.me/ctinow/210822", "content": "https://ift.tt/lW09AUp\nCVE-2024-27098", "creation_timestamp": "2024-03-18T18:21:50.000000Z"}, {"uuid": "d0b48546-d29e-476c-8b2a-b614a5d59bfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27096", "type": "seen", "source": "https://t.me/ctinow/210821", "content": "https://ift.tt/ky4GfVj\nCVE-2024-27096", "creation_timestamp": "2024-03-18T18:21:49.000000Z"}, {"uuid": "0cfc6513-c967-4cf1-9796-46e9fc38b9d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27099", "type": "seen", "source": "https://t.me/ctinow/194811", "content": "https://ift.tt/AWFo7le\nCVE-2024-27099", "creation_timestamp": "2024-02-27T20:11:54.000000Z"}, {"uuid": "a1205d40-a65f-4ea8-ad9b-10950201d66f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27093", "type": "seen", "source": "https://t.me/ctinow/193830", "content": "https://ift.tt/8AergVU\nCVE-2024-27093", "creation_timestamp": "2024-02-26T23:26:35.000000Z"}, {"uuid": "e9501cc0-c95f-42e4-927d-5b574dd89cf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27093", "type": "seen", "source": "https://t.me/ctinow/193837", "content": "https://ift.tt/8AergVU\nCVE-2024-27093", "creation_timestamp": "2024-02-26T23:26:45.000000Z"}, {"uuid": "0b1ae949-079f-4b72-b385-68963026f852", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-27093", "type": "published-proof-of-concept", "source": "https://github.com/mindersec/minder/security/advisories/GHSA-q6h8-4j2v-pjg4", "content": "", "creation_timestamp": "2024-02-26T21:44:56.000000Z"}, {"uuid": "d606d7f0-724a-4fc6-9a18-c0cc25371db4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-27091", "type": "seen", "source": "https://gist.github.com/alon710/1cf437e22a892172012205a9b0e24d57", "content": "# CVE-2024-27091: CVE-2024-27091: Stored Cross-Site Scripting (XSS) to Account Takeover in GeoNode\n\n&gt; **CVSS Score:** 6.1\n&gt; **Published:** 2026-07-13\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2024-27091\n\n## Summary\nA comprehensive security analysis of CVE-2024-27091, a stored cross-site scripting (XSS) vulnerability in the GeoNode geospatial content management system. Unsanitized metadata fields rendered with Django's safe template filter permit stored JavaScript execution, leading directly to admin account takeover via CSRF token theft and silent profile email modification.\n\n## TL;DR\nUnsanitized user-controlled metadata fields rendered via the safe filter in GeoNode templates allow unauthenticated or low-privilege users to store malicious script payloads. Upon administrative review, the script executes within the victim session, permitting silent account takeover.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-79 (Improper Neutralization of Input During Web Page Generation)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1**: 6.1 (Medium)\n- **Exploit Status**: Proof of Concept / Code Analysis Available\n- **EPSS Score**: 0.00376 (Percentile: 29.75%)\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- GeoNode deployments from version 3.2.0 up to, but excluding, 4.2.3\n- **GeoNode**: &gt;= 3.2.0, &lt; 4.2.3 (Fixed in: `4.2.3`)\n\n## Mitigation\n\n- Upgrade to GeoNode version 4.2.3 or higher.\n- Deploy a restrictive Content Security Policy (CSP) that disables 'unsafe-inline' inside script-src directives.\n- Apply manual template sanitization filters using the nh3 library on legacy deployments.\n\n**Remediation Steps:**\n1. Confirm the current running version of GeoNode using pip show geonode or via admin dashboard controls.\n2. Update requirements.txt to include nh3==0.2.15 and run pip install -r requirements.txt.\n3. Review the metadata_detail.html template and update occurrences of user-controlled fields using safe to include the sanitize_html filter.\n4. Enforce Content-Security-Policy HTTP response headers across all GeoNode subdomains.\n\n## References\n\n- [NVD Vulnerability Detail Page](https://nvd.nist.gov/vuln/detail/CVE-2024-27091)\n- [CVE.org Official Record](https://www.cve.org/CVERecord?id=CVE-2024-27091)\n- [GitHub Security Advisory Details](https://github.com/GeoNode/geonode/security/advisories/GHSA-rwcv-whm8-fmxm)\n- [CVEProject JSON Source](https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27091.json)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2024-27091) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-13T17:11:49.971044Z"}]}