{"id":"CVE-2024-56333","summary":"Remote code execution in onyxia-api","details":"Onyxia is a web app that aims to be the glue between multiple open source backend technologies to provide a state-of-the-art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential consequences such as unauthorized access to other user environments and denial-of-service attacks. This issue has been patched in API versions 4.2.0, 3.1.1, and 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.","aliases":["GHSA-qmcw-h4f9-j3h3"],"modified":"2026-04-10T05:20:50.888146Z","published":"2024-12-20T19:52:25.818Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56333.json","cwe_ids":["CWE-94"]},"references":[{"type":"WEB","url":"https://docs.onyxia.sh/vulnerability-disclosure/known-vulnerabilities/vulnerability-20241219"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56333.json"},{"type":"ADVISORY","url":"https://github.com/InseeFrLab/onyxia/security/advisories/GHSA-qmcw-h4f9-j3h3"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56333"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/inseefrlab/onyxia","events":[{"introduced":"0"},{"fixed":"f580fdc8937a4eb373f8be57c1e7d13ce6547b04"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.8.2"}]}},{"type":"GIT","repo":"https://github.com/inseefrlab/onyxia","events":[{"introduced":"b1eb03562d39c2e286fbb65f3862ecb7d9497879"},{"fixed":"4437d9c0a0aa0390e5ad52b98cbe8547eeda68b7"}],"database_specific":{"versions":[{"introduced":"3.0.0"},{"fixed":"3.1.1"}]}},{"type":"GIT","repo":"https://github.com/inseefrlab/onyxia","events":[{"introduced":"9b088c6fc188371780dc1f989ec0c886ed33f5d2"},{"fixed":"9c12cad10cc71084597af
81ce5f99524ca6b4cd4"}],"database_specific":{"versions":[{"introduced":"4.0.0"},{"fixed":"4.2.0"}]}}],"versions":["v0.1","v0.11.104","v0.11.14","v0.11.15","v0.11.16","v0.11.18","v0.11.19","v0.11.22","v0.11.26","v0.11.27","v0.11.29","v0.11.31","v0.11.32","v0.11.34","v0.11.36","v0.11.41","v0.11.43","v0.11.44","v0.11.45","v0.11.46","v0.11.47","v0.11.48","v0.11.49","v0.11.50","v0.11.51","v0.11.53","v0.11.54","v0.11.55","v0.11.57","v0.11.58","v0.11.59","v0.11.62","v0.11.63","v0.11.64","v0.11.65","v0.11.67","v0.11.68","v0.11.70","v0.11.71","v0.11.72","v0.11.74","v0.11.75","v0.11.76","v0.11.77","v0.11.78","v0.11.80","v0.11.82","v0.11.83","v0.11.84","v0.11.85","v0.11.86","v0.11.87","v0.11.88","v0.11.89","v0.11.90","v0.11.91","v0.11.92","v0.11.93","v0.11.94","v0.12.0","v0.12.2","v0.12.5","v0.12.6","v0.13.0","v0.13.1","v0.15.1","v0.15.10","v0.15.11","v0.15.13","v0.15.16","v0.15.17","v0.15.18","v0.15.5","v0.15.6","v0.15.7","v0.15.8","v0.15.9","v0.16.11","v0.16.9","v0.17.1","v0.17.2","v0.18.0","v0.18.1","v0.18.3","v0.18.6","v0.19.0","v0.19.1","v0.19.12","v0.19.2","v0.19.5","v0.19.6","v0.19.7","v0.19.8","v0.19.9","v0.2","v0.2.1","v0.2.2","v0.20.0","v0.21.0","v0.22.0","v0.23.0","v0.24.0","v0.24.1","v0.25.0","v0.25.1","v0.26.1","v0.26.10","v0.26.14","v0.26.15","v0.26.16","v0.26.17","v0.26.19","v0.26.22","v0.26.25","v0.26.3","v0.26.4","v0.26.8","v0.28.0","v0.3","v0.30.0","v0.31.0","v0.32.0","v0.32.2","v0.32.3","v0.33.1","v0.34.0","v0.34.1","v0.35.0","v0.37.1","v0.38.2","v0.38.3","v0.39.0","v0.4","v0.40.0","v0.40.10","v0.40.11","v0.40.3","v0.41.0","v0.41.1","v0.42.1","v0.42.2","v0.42.3","v0.43.0","v0.43.1","v0.43.2","v0.43.3","v0.43.6","v0.43.7","v0.44.2","v0.45.0","v0.46.0","v0.46.2","v0.47.1","v0.48.0","v0.48.1","v0.48.10","v0.48.12","v0.48.2","v0.48.3","v0.48.5","v0.48.6","v0.48.8","v0.48.9","v0.49.0","v0.49.1","v0.49.2","v0.49.3","v0.49.5","v0.5","v0.5.1","v0.50.0","v0.50.1","v0.50.2","v0.50.3","v0.50.4","v0.50.5","v0.50.6","v0.50.7","v0.51.1","v0.54.0","v0.54.1","v0.54.2","v0.55
.1","v0.55.10","v0.55.14","v0.55.15","v0.55.16","v0.55.17","v0.55.2","v0.55.3","v0.56.2","v0.56.3","v0.56.4","v0.56.6","v0.56.7","v0.57.0","v0.57.3","v0.58.0","v0.58.1","v0.58.10","v0.58.11","v0.58.12","v0.58.13","v0.58.14","v0.58.15","v0.58.16","v0.58.17","v0.58.18","v0.58.19","v0.58.20","v0.58.21","v0.58.22","v0.58.23","v0.58.24","v0.58.25","v0.58.26","v0.58.27","v0.58.28","v0.58.29","v0.58.30","v0.58.31","v0.58.32","v0.58.33","v0.58.34","v0.58.35","v0.58.36","v0.58.37","v0.59.0","v0.59.1","v0.6","v0.6.1","v0.6.2","v0.6.3","v0.7.0","v0.7.1","v0.7.10","v0.7.12","v0.7.13","v0.7.15","v0.7.16","v0.7.17","v0.7.18","v0.7.19","v0.7.2","v0.7.22","v0.7.3","v0.7.4","v0.7.44","v0.7.5","v0.7.6","v0.7.7","v0.7.8","v0.7.9","v0.9.6","v1.0.0","v1.0.1","v1.0.2","v1.0.3","v2.0.0","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.1.0","v2.1.1","v2.1.10","v2.1.11","v2.1.12","v2.1.2","v2.1.3","v2.1.4","v2.1.5","v2.1.6","v2.1.7","v2.1.8","v2.1.9","v2.2.0","v2.2.1","v2.2.10","v2.2.11","v2.2.12","v2.2.13","v2.2.15","v2.2.16","v2.2.17","v2.2.18","v2.2.19","v2.2.2","v2.2.20","v2.2.21","v2.2.22","v2.2.23","v2.2.24","v2.2.25","v2.2.26","v2.2.27","v2.2.28","v2.2.29","v2.2.3","v2.2.4","v2.2.5","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.3.0","v2.3.1","v2.4.0","v2.4.1","v2.5.0","v2.6.0","v2.6.1","v2.6.2","v2.6.3","v2.6.4","v2.6.5","v2.7.0","v2.7.1","v2.7.2","v2.8.0","v2.8.1","v5.0.0","v5.0.3","v5.0.4","web-v3.0.0","web-v3.0.2","web-v3.0.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56333.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}]}