CVE-2023-24188

Description

ureport v2.2.9 was discovered to contain an arbitrary file deletion vulnerability.

How to fix CVE-2023-24188

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Maven/com.bstek.ureport:ureport2-core—no fix listed

Is CVE-2023-24188 being exploited?

Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 2.2.9

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-24188
• PATCHgithub.com/youseries/ureport
• WEBgithub.com/cgddgc/vulns/blob/main/ureport2-filedelete-vuln.md
• WEBgithub.com/Venus-WQLab/bug_report/blob/main/ureport/ureport-cve-2023-24188.md
• WEB