Vulnerability in N/a

CVE-2024-40348

An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.

EPSS: 0.934 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/4rdr/proofs/blob/main/info/Bazaar_1.4.3_File_Traversal_via_Filename…

Frequently asked questions

What is CVE-2024-40348?: CVE-2024-40348 is a vulnerability in N/a. Published 2024-07-20.
Is CVE-2024-40348 known to be exploited?: 28 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.