CVE-2024-28754: raspap-webgui vulnerable to denial of service
RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request.
References
- dustri.org/b/carrot-disclosure.html
- github.com/RaspAP/raspap-webgui
- github.com/RaspAP/raspap-webgui/commit/d0592b63de9a5da587ab3a51e03e7e566c7f3602
- github.com/RaspAP/raspap-webgui/pull/1546
- github.com/RaspAP/raspap-webgui/pull/1548
- github.com/advisories/GHSA-vc9f-mgxr-h32r
- nvd.nist.gov/vuln/detail/CVE-2024-28754