CVE-2024-28211

CRITICAL 9.8

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.

CWE	CWE-502
Vendor	naver
Product	ngrinder
Published	Mar 7, 2024
Last Updated	Aug 5, 2024

Stay Ahead of the Next One

Get instant alerts for naver ngrinder

Be the first to know when new critical vulnerabilities affecting naver ngrinder are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

NAVER / nGrinder

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cve.naver.com: https://cve.naver.com/detail/cve-2024-28211.html

Credits

Peter Stöckli of GitHub Security Lab