### [CVE-2024-57971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57971)
![](https://img.shields.io/static/v1?label=Product&message=KNOWAGE&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-99%20Improper%20Control%20of%20Resource%20Identifiers%20('Resource%20Injection')&color=brightgreen)

### Description

DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name.

### POC

#### Reference
- https://github.com/darumaseye/CVEs/blob/ec2de9f7ecffde466e687745bfdfc672e86241d7/CVE-2024-57971.md

#### Github
No PoCs found on GitHub currently.