What is CVE-2024-6746?

CVE-2024-6746 is a medium-severity vulnerability in Naibowang Easyspider, classified under CWE-24. CVSS score: 4.3/10. Published 2024-07-15.

How severe is CVE-2024-6746?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Is CVE-2024-6746 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Naibowang Easyspider

CVE-2024-6746

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Hand…

EPSS: 0.810 (99.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Naibowang Easyspider — versions 0.6.2

Weakness classification (CWE)

CWE-24

Public proof-of-concept exploits

20142995/nuclei-templates

References

VDB-271477 | NaiboWang EasySpider HTTP GET Request server.js path traversal (vdb-entry, technical-description)
VDB-271477 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #371998 | NaiboWang EasySpider Version 0.6.2 Arbitrary File Read Vulnerability (third-party-advisory)
github.com/NaiboWang/EasySpider/issues/466 (exploit, issue-tracking)

Frequently asked questions

What is CVE-2024-6746?: CVE-2024-6746 is a medium-severity vulnerability in Naibowang Easyspider, classified under CWE-24. CVSS score: 4.3/10. Published 2024-07-15.
How severe is CVE-2024-6746?: Medium severity. CVSS v3 base score is 4.3 out of 10.
Is CVE-2024-6746 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.