{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61530?format=json","vulnerability_id":"VCID-cvet-nm5r-y3du","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.Com/openeuler/migration-tools/blob/master/index.Py.\n\nThis issue affects migration-tools: from 1.0.0 through 1.0.1.","aliases":[{"alias":"CVE-2024-24892"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://gitee.com/src-openeuler/migration-tools/pulls/12","reference_id":"12","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:23:10Z/"}],"url":"https://gitee.com/src-openeuler/migration-tools/pulls/12"},{"reference_url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1275","reference_id":"?id=openEuler-SA-2024-1275","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-28T18:23:10Z/"}],"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1275"}],"weaknesses":[{"cwe_id":78,"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","description":"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."},{"cwe_id":269,"name":"Improper Privilege Management","description":"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor."}],"exploits":[],"severity_range_score":"8.1 - 8.1","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvet-nm5r-y3du"}