{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-5351","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-05-25T05:36:58.429Z","datePublished":"2024-05-26T00:00:06.021Z","dateUpdated":"2024-08-01T21:11:12.476Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-05-26T00:00:06.021Z"},"title":"anji-plus AJ-Report Javascript getValueFromJs deserialization","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-502","lang":"en","description":"CWE-502 Deserialization"}]}],"affected":[{"vendor":"anji-plus","product":"AJ-Report","versions":[{"version":"1.4.0","status":"affected"},{"version":"1.4.1","status":"affected"}],"modules":["Javascript Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266263."},{"lang":"de","value":"In anji-plus AJ-Report bis 1.4.1 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um die Funktion getValueFromJs der Komponente Javascript Handler. Durch Manipulieren mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-05-25T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-05-25T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-05-25T07:42:20.000Z","lang":"en","value":"VulDB entry last update"}],"references":[{"url":"https://vuldb.com/?id.266263","name":"VDB-266263 | anji-plus AJ-Report Javascript getValueFromJs deserialization","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.266263","name":"VDB-266263 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://github.com/anji-plus/report/issues/34","tags":["issue-tracking"]},{"url":"https://github.com/anji-plus/report/files/15363269/aj-report.pdf","tags":["exploit"]}]},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-5351","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-30T14:25:11.296370Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T18:01:42.934Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:11:12.476Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.266263","name":"VDB-266263 | anji-plus AJ-Report Javascript getValueFromJs deserialization","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.266263","name":"VDB-266263 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/anji-plus/report/issues/34","tags":["issue-tracking","x_transferred"]},{"url":"https://github.com/anji-plus/report/files/15363269/aj-report.pdf","tags":["exploit","x_transferred"]}]}]}}