{"id":"CVE-2024-44843","details":"An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests.","modified":"2026-04-10T05:16:43.207900Z","published":"2025-04-15T21:15:46.730Z","references":[{"type":"WEB","url":"https://github.com/steve-community/steve/blob/master/src/main/java/de/rwth/idsg/steve/ocpp/ws/OcppWebSocketHandshakeHandler.java"},{"type":"REPORT","url":"https://github.com/steve-community/steve/issues/1546"},{"type":"EVIDENCE","url":"https://gist.github.com/Badranh/94359664799db6d4709871f0c353f476"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/steve-community/steve","events":[{"introduced":"0"},{"last_affected":"880fb4d74c7e203d0370c297f68d30d620329f4c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.7.1"}]}}],"versions":["steve-1.0.10","steve-1.0.11","steve-1.0.2","steve-1.0.3","steve-1.0.4","steve-1.0.5","steve-1.0.6","steve-1.0.7","steve-1.0.8","steve-1.0.9","steve-1.1.1","steve-1.2.0","steve-1.3.0","steve-2.0.0","steve-2.0.1","steve-2.0.2","steve-2.0.3","steve-2.0.4","steve-2.0.5","steve-2.0.6","steve-2.1.0","steve-3.0.0","steve-3.0.1","steve-3.0.2","steve-3.1.0","steve-3.2.0","steve-3.3.0","steve-3.3.1","steve-3.3.2","steve-3.4.0","steve-3.4.1","steve-3.4.2","steve-3.4.3","steve-3.4.4","steve-3.4.5","steve-3.4.6","steve-3.4.7","steve-3.4.8","steve-3.4.9","steve-3.5.0","steve-3.6.0","steve-3.7.0","steve-3.7.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-44843.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"}]}