What is CVE-2024-46977?

CVE-2024-46977 is a vulnerability in Openc3 Cosmos, classified under Path Traversal. Published 2024-10-02.

Is CVE-2024-46977 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Openc3 Cosmos

CVE-2024-46977

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.011 (78.8th percentile) — read the EPSS interpretation.

Affected products

Openc3 Cosmos — versions < 5.19.0

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/OpenC3/cosmos/security/advisories/GHSA-8jxr-mccc-mwg8 (x_refsource_CONFIRM)
https://github.com/OpenC3/cosmos/commit/a34e61aea5a465f0ab3e57d833ae7ff4cafd710b (x_refsource_MISC)
https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-46977?: CVE-2024-46977 is a vulnerability in Openc3 Cosmos, classified under Path Traversal. Published 2024-10-02.
Is CVE-2024-46977 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.