RubySec

Providing security resources for the Ruby community

CVE-2024-43795 (openc3): OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)

GEM

openc3

SEVERITY

CVSS v3.x: 6.1 (Medium)

PATCHED VERSIONS

  • >= 5.19.0

DESCRIPTION

Summary

The login functionality contains a reflected cross-site scripting (XSS) vulnerability.

Note: This CVE affects only the Open Source Edition, not OpenC3 COSMOS Enterprise Edition.

Impact

This issue may lead to Remote Code Execution (RCE).
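As an added illustration of the vulnerability class (this is not OpenC3's code; the login handler, template, and the `message`/`redirect` parameter names are hypothetical), the Ruby below renders a login page that reflects a query parameter into HTML unescaped, beside the hardened version that escapes every untrusted value with `ERB::Util.html_escape`, and a check a test suite can run to catch the regression:

```ruby
# Added example: reflected XSS in a login page and its fix.
# NOT OpenC3's code. The handler, template layout and parameter names
# ('message', 'redirect') are hypothetical and only demonstrate the class.
require 'erb'

# A login form that echoes query parameters (an error message and a
# "return to" path) back into the page. Hypothetical layout.
LOGIN_TEMPLATE = <<~HTML
  <form method="post" action="/login">
    <p class="error">%{message}</p>
    <input type="hidden" name="redirect" value="%{redirect}">
    <input name="password" type="password">
    <button>Login</button>
  </form>
HTML

# Vulnerable: untrusted query parameters are interpolated into HTML verbatim,
# so a crafted link reflects whatever markup the parameter carries into the
# page served to the victim (element context for message, attribute context
# for redirect).
def render_login_vulnerable(params)
  format(LOGIN_TEMPLATE,
         message:  params.fetch('message', ''),
         redirect: params.fetch('redirect', '/'))
end

# Hardened: every untrusted value is HTML-escaped before interpolation.
# ERB::Util.html_escape encodes & < > " ' so the browser treats the value as
# text, never as a tag or as an attribute terminator.
def render_login_hardened(params)
  format(LOGIN_TEMPLATE,
         message:  ERB::Util.html_escape(params.fetch('message', '')),
         redirect: ERB::Util.html_escape(params.fetch('redirect', '/')))
end

# Regression check: does the rendered page still contain the raw probe
# string? A correct renderer must answer false for any markup-bearing input.
def reflects_raw_input?(html, probe)
  html.include?(probe)
end

if __FILE__ == $PROGRAM_NAME
  probe = '<script>alert(1)</script>'   # constructed probe, not a real payload
  params = { 'message' => probe, 'redirect' => '"><b>x</b>' }
  puts "vulnerable reflects raw input: #{reflects_raw_input?(render_login_vulnerable(params), probe)}"
  puts "hardened reflects raw input:   #{reflects_raw_input?(render_login_hardened(params), probe)}"
end
```

The check is deliberately dumb: it asserts the absence of the raw probe rather than trying to parse the page, which is what makes it cheap to run against every view that takes request input. Escaping at render time is the fix; a Content-Security-Policy reduces the blast radius of a miss but does not replace it.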

NOTE: The complete advisory, with much more information, is attached as a comment.

RELATED