{"url":"http://public2.vulnerablecode.io/api/packages/104291?format=json","purl":"pkg:deb/debian/spip@4.3.2%2Bdfsg-1?distro=trixie","type":"deb","namespace":"debian","name":"spip","version":"4.3.2+dfsg-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.3.6+dfsg-1","latest_non_vulnerable_version":"4.4.15+dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34832?format=json","vulnerability_id":"VCID-rfpu-t6k1-myep","summary":"SPIP before 4.3.2, 4.2.16, and \n4.1.18 is vulnerable to a command injection issue. A \nremote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8517","reference_id":"","reference_type":"","scores":[{"value":"0.93372","scoring_system":"epss","scoring_elements":"0.99823","published_at":"2026-06-11T12:55:00Z"},{"value":"0.93372","scoring_system":"epss","scoring_elements":"0.99825","published_at":"2026-06-14T12:55:00Z"},{"value":"0.93372","scoring_system":"epss","scoring_elements":"0.99824","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8517"},{"reference_url":"https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html","reference_id":"Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-06T20:29:04Z/"}],"url":"https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html"},{"reference_url":"https://vozec.fr/researchs/spip-preauth-rce-2024-big-upload/","reference_id":"spip-preauth-rce-2024-big-upload","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-06T20:29:04Z/"}],"url":"https://vozec.fr/researchs/spip-preauth-rce-2024-big-upload/"},{"reference_url":"https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/","reference_id":"spip_preauth_rce_2024_part_2_a_big_upload","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-06T20:29:04Z/"}],"url":"https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/"},{"reference_url":"https://vulncheck.com/advisories/spip-upload-rce","reference_id":"spip-upload-rce","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-06T20:29:04Z/"}],"url":"https://vulncheck.com/advisories/spip-upload-rce"},{"reference_url":"https://usn.ubuntu.com/7318-1/","reference_id":"USN-7318-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7318-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104288?format=json","purl":"pkg:deb/debian/spip@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104259?format=json","purl":"pkg:deb/debian/spip@3.2.11-3%2Bdeb11u10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24re-eqmh-akd4"},{"vulnerability":"VCID-5b25-j5mt-9kcq"},{"vulnerability":"VCID-8mrh-pf8f-mydd"},{"vulnerability":"VCID-9995-pmaf-eyae"},{"vulnerability":"VCID-bp8a-ff2x-73fk"},{"vulnerability":"VCID-e3hd-52jb-nfd1"},{"vulnerability":"VCID-gq4a-14cp-vbdy"},{"vulnerability":"VCID-hhkw-kf21-tugn"},{"vulnerability":"VCID-jnqg-ch1a-4fh6"},{"vulnerability":"VCID-mc7r-2vp9-d7cf"},{"vulnerability":"VCID-mv9y-czzw-5bgt"},{"vulnerability":"VCID-pjah-vzwr-jyem"},{"vulnerability":"VCID-xdz8-ngbr-fufg"},{"vulnerability":"VCID-xm8k-j298-ekck"},{"vulnerability":"VCID-y5s7-ewss-qyaa"},{"vulnerability":"VCID-znpb-3hsx-1ycu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@3.2.11-3%252Bdeb11u10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104291?format=json","purl":"pkg:deb/debian/spip@4.3.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@4.3.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104262?format=json","purl":"pkg:deb/debian/spip@4.4.13%2Bdfsg-0%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@4.4.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104261?format=json","purl":"pkg:deb/debian/spip@4.4.15%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@4.4.15%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-8517"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfpu-t6k1-myep"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/spip@4.3.2%252Bdfsg-1%3Fdistro=trixie"}