What is CVE-2024-5351?

CVE-2024-5351 is a medium-severity vulnerability in Anji-plus Aj-report, classified under Deserialization of Untrusted Data. CVSS score: 6.3/10. Published 2024-05-26.

How severe is CVE-2024-5351?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Is CVE-2024-5351 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Deserialization in Anji-plus Aj-report

CVE-2024-5351

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. T…

Vulnerability class: Insecure Deserialization

EPSS: 0.001 (22.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Anji-plus Aj-report — versions 1.4.0, 1.4.1

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

VDB-266263 | anji-plus AJ-Report Javascript getValueFromJs deserialization (vdb-entry, technical-description)
VDB-266263 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
github.com/anji-plus/report/issues/34 (issue-tracking)
github.com/anji-plus/report/files/15363269/aj-report.pdf (exploit)

Frequently asked questions

What is CVE-2024-5351?: CVE-2024-5351 is a medium-severity vulnerability in Anji-plus Aj-report, classified under Deserialization of Untrusted Data. CVSS score: 6.3/10. Published 2024-05-26.
How severe is CVE-2024-5351?: Medium severity. CVSS v3 base score is 6.3 out of 10.
Is CVE-2024-5351 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.