Vulnerability in Greenwoodsoftware Less
CVE-2024-32487
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted f…
EPSS: 0.006 (45.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.
Affected products
- Greenwoodsoftware Less
- Netapp Bootstrap_os
- Netapp Hci_compute_node
- Netapp Hci_storage_nodes
- Netapp Solidfire
- Debian Debian_linux — versions 10.0
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (Patch, Mailing List)
- cve@mitre.org (Mailing List)
- cve@mitre.org (Patch)
- cve@mitre.org (mailing-list, Mailing List)
- cve@mitre.org (Vendor Advisory)
- cve@mitre.org (mailing-list, Mailing List)
Frequently asked questions
- What is CVE-2024-32487?
- CVE-2024-32487 is a high-severity vulnerability in Greenwoodsoftware Less, classified under Improper Neutralization of Directives in Statically Saved Code (Static Code Injection). CVSS score: 8.6/10. Published 2024-04-13.
- How severe is CVE-2024-32487?
- High severity. CVSS v3 base score is 8.6 out of 10.
- Is CVE-2024-32487 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.