nvd-json-data-feeds/CVE-2024/CVE-2024-271xx/CVE-2024-27140.json

{
  "id": "CVE-2024-27140",
  "sourceIdentifier": "security@apache.org",
  "published": "2024-03-01T16:15:46.143",
  "lastModified": "2024-08-05T21:15:38.120",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [
    {
      "sourceIdentifier": "security@apache.org",
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "** UNSUPPORTED WHEN ASSIGNED **\n\nImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.\n\nThis issue affects Apache Archiva: from 2.0.0.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"
    },
    {
      "lang": "es",
      "value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Apache Archiva. Este problema afecta a Apache Archiva: desde 2.0.0. Como este proyecto est\u00e1 retirado, no planeamos lanzar una versi\u00f3n que solucione este problema. Se recomienda a los usuarios que busquen una alternativa o restrinjan el acceso a la instancia a usuarios confiables. Alternativamente, puede configurar un proxy HTTP frente a su instancia de Archiva para reenviar solo solicitudes que no tengan caracteres maliciosos en la URL. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."
    }
  ],
  "metrics": {},
  "weaknesses": [
    {
      "source": "security@apache.org",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.openwall.com/lists/oss-security/2024/03/01/2",
      "source": "security@apache.org"
    },
    {
      "url": "https://lists.apache.org/thread/xrn6nt904ozh3jym60c3f5hj2fb75pjy",
      "source": "security@apache.org"
    }
  ]
}