{"id":"CVE-2024-42166","details":"The function \"generate_app_certificates\" in lib/app_certificates.js of FIWARE Keyrock \u003c= 8.4 does not properly neutralize special elements used in an OS command. This allows an authenticated user who has permission to create applications to execute commands by creating an application with a malicious name.","modified":"2026-03-12T07:50:10.503787Z","published":"2024-08-12T13:38:33.290Z","references":[{"type":"EVIDENCE","url":"https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ging/fiware-idm","events":[{"introduced":"0"},{"last_affected":"4577eaed678fbfd46732b8b34b8adcf607788ffd"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.4"}]}}],"versions":["7.0.0","7.0.1","7.0.2","7.3.0","7.3.1","7.4.0","7.5.0","7.5.1","7.6.0","7.7.0","7.8.0","7.8.1","7.8.2","7.9.0","7.9.1","7.9.2","8.0.0","8.1.0","8.2.0","8.3.0","8.3.1","8.3.2","8.3.3","8.4.0","FIWARE_7.4.0","FIWARE_7.5","FIWARE_7.5.0","FIWARE_7.5.1","FIWARE_7.6","FIWARE_7.7","FIWARE_7.8","FIWARE_7.8.1","FIWARE_7.8.2","FIWARE_7.9","FIWARE_7.9.1","FIWARE_7.9.2","FIWARE_8.0","FIWARE_8.1","FIWARE_8.2","FIWARE_8.3","FIWARE_8.3.1","FIWARE_8.3.2","FIWARE_8.3.3","FIWARE_8.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42166.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}