{"id":"CVE-2024-8374","details":"UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). The vulnerability arises from improper handling of the drop_to_buildplate property within 3MF files, which are ZIP archives containing the model data. When a 3MF file is loaded in Cura, the value of the drop_to_buildplate property is passed to the Python eval() function without proper sanitization, allowing an attacker to execute arbitrary code by crafting a malicious 3MF file. This vulnerability poses a significant risk as 3MF files are commonly shared via 3D model databases.","modified":"2026-04-10T05:47:59.805791Z","published":"2024-09-03T10:15:06.483Z","references":[{"type":"FIX","url":"https://github.com/Ultimaker/Cura/commit/285a241eb28da3188c977f85d68937c0dad79c50"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ultimaker/cura","events":[{"introduced":"0"},{"last_affected":"04ddb8e6e0d5fb66a7f42dca18d3a5aed9cc6abe"},{"introduced":"0"},{"last_affected":"7db39ae11df995fe9c0421ed8c5c73407073beb9"},{"introduced":"0"},{"last_affected":"eb7c753f44bd20b8a126058f80568031a9036281"},{"fixed":"285a241eb28da3188c977f85d68937c0dad79c50"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.7.0-NA"},{"introduced":"0"},{"last_affected":"5.7.1"},{"introduced":"0"},{"last_affected":"5.7.2-rc2"}]}}],"versions":["5.7.0","5.7.0-beta.1","5.7.1","5.7.2-RC2","5.8.0-beta.1-RC1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"5.7.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.8.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.8.0-beta1_rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.8.0-beta1_rc2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8374.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}