Home > Vulnerability Database > CVE-2024-34352

Mend.io Vulnerability Database

CVE-2024-34352

Good to know:

Date: May 9, 2024

1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol `>` can be used to achieve arbitrary file writing. This vulnerability is fixed in v1.10.3-lts.

Language: Go

Severity Score

6.5

Related Resources (6)

Url: https://github.com/1Panel-dev/1Panel/commit/e037b69f52799e110af8e98f39a3627ad0285ea6

Url: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34352

Url: https://pkg.go.dev/vuln/GO-2024-2830

Url: https://github.com/1Panel-dev/1Panel

Url: https://www.mend.io/vulnerability-database/CVE-2024-34352

Severity Score

6.5

Weakness Type (CWE)

Command Injection

CWE-77

Top Fix

Upgrade Version

Upgrade to version v1.10.3-lts

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-34352

Good to know:

Date: May 9, 2024

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?