{"id":"PYSEC-2024-173","details":"Unrestricted Upload of File with Dangerous Type vulnerability in Apache StreamPipes.\nSuch a dangerous type might be an executable file, which may lead to remote code execution (RCE).\nThe unrestricted upload is only possible for authenticated and authorized users.\nThis issue affects Apache StreamPipes through version 0.93.0.\n\nUsers are recommended to upgrade to version 0.95.0, which fixes the issue.\n\n","aliases":["CVE-2024-31411","GHSA-6523-jf4r-c962"],"modified":"2025-01-18T22:56:44.925188Z","published":"2024-07-17T10:15:01Z","references":[{"type":"ARTICLE","url":"https://lists.apache.org/thread/b0657okbwzg5xxs11hphvc9qrd9s70mt"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/07/16/10"}],"affected":[{"package":{"name":"streampipes","ecosystem":"PyPI","purl":"pkg:pypi/streampipes"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.95.0"}]}],"versions":["0.0.2.dev0","0.91.0","0.92.0","0.93.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/streampipes/PYSEC-2024-173.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}