What is CVE-2024-39943?

CVE-2024-39943 is a critical-severity vulnerability in N/a. CVSS score: 9.9/10. Published 2024-07-04.

How severe is CVE-2024-39943?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Is CVE-2024-39943 known to be exploited?

32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-39943

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSy…

EPSS: 0.783 (99.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

JenmrR/Node.js-CVE-2024-39943
Heyholiday067/CVE-2024-39943-Poc
A-little-dragon/CVE-2024-39943-Exploit
AlienTec1908/Matrioshka_
DMW11525708/wiki
Lern0n/Lernon-POC
Linxloop/fork_
WhosGa/MyWiki
Yuan08o/pocs
admin772/POC

References

www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads
github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d
github.com/rejetto/hfs/compare/v0.52.9...v0.52.10

Frequently asked questions

What is CVE-2024-39943?: CVE-2024-39943 is a critical-severity vulnerability in N/a. CVSS score: 9.9/10. Published 2024-07-04.
How severe is CVE-2024-39943?: Critical severity. CVSS v3 base score is 9.9 out of 10.
Is CVE-2024-39943 known to be exploited?: 32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.