{"id":"GHSA-jh63-28gx-7p26","summary":"Command Injection in CasaOS","details":"CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier api.","aliases":["CVE-2022-24193","GO-2022-0606"],"modified":"2024-08-21T15:26:41.180239Z","published":"2022-03-11T00:02:17Z","database_specific":{"cwe_ids":["CWE-78"],"github_reviewed":true,"severity":"CRITICAL","nvd_published_at":"2022-03-10T17:45:00Z","github_reviewed_at":"2022-03-15T19:43:28Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24193"},{"type":"WEB","url":"https://github.com/IceWhaleTech/CasaOS/issues/84"},{"type":"WEB","url":"https://github.com/IceWhaleTech/CasaOS/commit/d060968b7ab08e7f8cbfe7ca9ccdfa47afe9bb06"},{"type":"PACKAGE","url":"https://github.com/IceWhaleTech/CasaOS"},{"type":"WEB","url":"https://www.star123.top/2022/01/08/A-vulnerability-in-CasaOS"},{"type":"WEB","url":"https://www.star123.top/2022/01/08/A-vulnerability-in-CasaOS/#more"}],"affected":[{"package":{"name":"github.com/IceWhaleTech/CasaOS","ecosystem":"Go","purl":"pkg:golang/github.com/IceWhaleTech/CasaOS"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.2.8"}]}],"database_specific":{"last_known_affected_version_range":"\u003c 0.2.7","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-jh63-28gx-7p26/GHSA-jh63-28gx-7p26.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}