{"id":"CVE-2024-8367","details":"A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31. It has been classified as problematic. Affected is an unknown function of the file src/main/java/uk/gov/hmcts/probate/service/NotificationService.java of the component Markdown Handler. The manipulation leads to injection. Continuous delivery with rolling releases is used by this product. Therefore, no version details for affected or updated releases are available. The patch is identified as d90230d7cf575e5b0852d56660104c8bd2503c34. It is recommended to apply a patch to fix this issue.","modified":"2026-04-12T14:03:51.687244Z","published":"2024-09-01T04:15:14.107Z","references":[{"type":"WEB","url":"https://tools.hmcts.net/jira/browse/DTSPB-4180"},{"type":"WEB","url":"https://vuldb.com/?ctiid.276270"},{"type":"WEB","url":"https://vuldb.com/?id.276270"},{"type":"FIX","url":"https://github.com/hmcts/probate-back-office/commit/d90230d7cf575e5b0852d56660104c8bd2503c34"},{"type":"FIX","url":"https://github.com/hmcts/probate-back-office/pull/2614"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hmcts/probate-back-office","events":[{"introduced":"0"},{"fixed":"d90230d7cf575e5b0852d56660104c8bd2503c34"}]}],"versions":["4.0.0"],"database_specific":{"vanir_signatures_modified":"2026-04-12T14:03:51Z","vanir_signatures":[{"signature_version":"v1","deprecated":false,"id":"CVE-2024-8367-13d1c3ea","digest":{"function_hash":"162320807570927562330404415861833061390","length":732},"target":{"file":"src/main/java/uk/gov/hmcts/probate/service/NotificationService.java","function":"sendEmail"},"signature_type":"Function","source":"https://github.com/hmcts/probate-back-office/commit/d90230d7cf575e5b0852d56660104c8bd2503c34"},{"signature_version":"v1","deprecated":false,"id":"CVE-2024-8367-1c74b813","digest":{"function_hash":"307751881270229677726738199408656458785","length":1082},"target":{"file":"src/main/java/uk
/gov/hmcts/probate/service/NotificationService.java","function":"sendCaveatEmail"},"signature_type":"Function","source":"https://github.com/hmcts/probate-back-office/commit/d90230d7cf575e5b0852d56660104c8bd2503c34"},{"signature_version":"v1","deprecated":false,"id":"CVE-2024-8367-2a0a0f53","digest":{"function_hash":"324988480528322876350764217362495657111","length":1732},"target":{"file":"src/main/java/uk/gov/hmcts/probate/service/NotificationService.java","function":"sendEmail"},"signature_type":"Function","source":"https://github.com/hmcts/probate-back-office/commit/d90230d7cf575e5b0852d56660104c8bd2503c34"},{"signature_version":"v1","deprecated":false,"id":"CVE-2024-8367-7c990a2f","digest":{"function_hash":"212364935439096908241350000950915480003","length":14825},"target":{"file":"src/integrationTest/java/uk/gov/hmcts/probate/service/NotificationServiceIT.java","function":"setUp"},"signature_type":"Function","source":"https://github.com/hmcts/probate-back-office/commit/d90230d7cf575e5b0852d56660104c8bd2503c34"},{"signature_version":"v1","deprecated":false,"id":"CVE-2024-8367-9eef1f1d","digest":{"line_hashes":["129436139773309207029408268182826122543","233145630207297619517933704984572357329","149695626118534855969262231993810541210","167640317753761903616764218246848407687","142260775212408421446875839138916549180","138235768271816749856420849006296613358","303622486043936079621865549986888359969","219378740861225159191107063186756276373","314312674340225387589907684593685759598","125778096512535086306005012022701656932","184752724014378494104662862004076657955","305347425891399851237652121429269485080","209810484712773193346850251241000044381","316632484775754339382238487849499159970","332198637149827059439152565614062291605","80174102177234219836089635251912027082","123884961233809232586625224066952894498","326791324422520485823688995911417388816","135737963180135991050117679433910641755","249563787347514215173224615230425898428","218780064091876256302076238980
522430476","209936597152875831226797795168445943139","175091820449899186084071355687379343919","78628029780722496792541687681977011721","167015035710707504705396877920232783152","180935813790749428191716840951869725585","103404900874551669303767496942977010098","160084686582929574426717390719689171943","206974715674038105065296370034964423456","194226526124888753930793762752320348268","77031208220430653054177168152576079588","189036627080728808659860694406958484060","246295226649586283989861759039206688338","117912635011158293059550893405056639668","53051503942970635043621782260199021565","293177121717199698192127199086177410230","236018152323186209680875320666191815835"],"threshold":0.9},"target":{"file":"src/main/java/uk/gov/hmcts/probate/service/NotificationService.java"},"signature_type":"Line","source":"https://github.com/hmcts/probate-back-office/commit/d90230d7cf575e5b0852d56660104c8bd2503c34"},{"signature_version":"v1","deprecated":false,"id":"CVE-2024-8367-a00ac0fb","digest":{"function_hash":"325664614965208885332244884680902519666","length":741},"target":{"file":"src/main/java/uk/gov/hmcts/probate/service/NotificationService.java","function":"sendGrantNotificationEmail"},"signature_type":"Function","source":"https://github.com/hmcts/probate-back-office/commit/d90230d7cf575e5b0852d56660104c8bd2503c34"},{"signature_version":"v1","deprecated":false,"id":"CVE-2024-8367-c17d8202","digest":{"function_hash":"157064747548449160400988919973503365390","length":1053},"target":{"file":"src/main/java/uk/gov/hmcts/probate/service/NotificationService.java","function":"sendEmailWithDocumentAttached"},"signature_type":"Function","source":"https://github.com/hmcts/probate-back-office/commit/d90230d7cf575e5b0852d56660104c8bd2503c34"},{"signature_version":"v1","deprecated":false,"id":"CVE-2024-8367-f234c206","digest":{"line_hashes":["78964947729772173619336970294470061101","168090617331612802130037856791718074065","63145200340775329102545075319627595125","29112274640120200332
490678235777376834","57597961779591126823045960986131412390","159596918333680069880618741531623829388","22641006832018706674490202424414131945","220502376512588531774620119599646859189","157969889559973391751145831934521941315","229469740968012809923136302503561587261","287470658083953886633912435594216620637","176543116334195984036055332219856398394","336545580306355765789072457477091062779","189040898265061225069505729403595334469","129773195229129208767895392204236080898","28010636405895440595576385993380248250","161862927170256663667651292847527072795"],"threshold":0.9},"target":{"file":"src/integrationTest/java/uk/gov/hmcts/probate/service/NotificationServiceIT.java"},"signature_type":"Line","source":"https://github.com/hmcts/probate-back-office/commit/d90230d7cf575e5b0852d56660104c8bd2503c34"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8367.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}]}