Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-8367

Good to know:

icon

Date: August 31, 2024

A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31. It has been classified as problematic. Affected is an unknown function of the file src/main/java/uk/gov/hmcts/probate/service/NotificationService.java of the component Markdown Handler. The manipulation leads to injection. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as d90230d7cf575e5b0852d56660104c8bd2503c34. It is recommended to apply a patch to fix this issue.

Language: Java

Severity Score

Related Resources (7)

https://github.com/hmcts/probate-back-office/commit/d90230d7cf575e5b0852d56660104c8bd2503c34
https://nvd.nist.gov/vuln/detail/CVE-2024-8367
https://vuldb.com/?id.276270
https://tools.hmcts.net/jira/browse/DTSPB-4180
https://vuldb.com/?ctiid.276270
https://github.com/hmcts/probate-back-office/pull/2614
https://www.mend.io/vulnerability-database/CVE-2024-8367

Severity Score

Weakness Type (CWE)

Injection

CWE-74

Top Fix

icon

Upgrade Version

Upgrade to version d90230d7cf575e5b0852d56660104c8bd2503c34

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): ADJACENT_NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): ADJACENT
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us