CVE-2024-53412 — NietThijmen ShoppingCart: Command injection in the connect function

Description

Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field

How to fix CVE-2024-53412

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed

Is CVE-2024-53412 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, <= 0.0.0-20241101155353-3dd137080276

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-53412
PATCHgithub.com/NietThijmen/ShoppingCart
WEBgithub.com/Buckdray/vulnerability-research/blob/main/CVE-2024-53412/README.md
WEBgithub.com/NietThijmen/ShoppingCart/issues/1