CVE-2024-1297

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-1297

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1297.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-1297

Published

2024-02-20T00:15:14.463Z

Modified

2026-02-24T11:47:33.518315Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Loomio version 2.22.0 allows executing arbitrary commands on the server.

This is possible because the application is vulnerable to OS Command Injection.

References

Affected packages

Git / github.com/loomio/loomio

Affected ranges

Type: GIT
Repo: https://github.com/loomio/loomio
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6bc5429bfb5a9c7c811a4487d97ea54a8b23a0fa

Affected versions

0.*

0.16.0

0.17.0

0.18.0

0.19.0

1.*

1.0.0

1.1.0

1.2.0

1.3.0

1.4.0

1.5.0

1.6.0

1.8.0

1.9.0

v.*

v.2.21.4

v0.*

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.9.0

v1.*

v1.7.0

v2.*

v2.1.10

v2.1.11

v2.1.12

v2.10.0

v2.10.1

v2.11.0

v2.11.1

v2.11.10

v2.11.11

v2.11.12

v2.11.13

v2.11.2

v2.11.3

v2.11.4

v2.11.5

v2.11.6

v2.11.7

v2.11.9

v2.12.0

v2.12.1

v2.12.2

v2.13.0

v2.13.1

v2.13.2

v2.14.0

v2.14.1

v2.14.2

v2.14.3

v2.14.4

v2.14.5

v2.14.6

v2.14.7

v2.15.0

v2.15.1

v2.15.2

v2.15.3

v2.15.4

v2.15.5

v2.17.0

v2.17.1

v2.17.2

v2.17.3

v2.17.4

v2.18.1

v2.18.2

v2.18.3

v2.19.0

v2.2.1

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.20.0

v2.20.1

v2.21.0

v2.21.1

v2.21.2

v2.21.3

v2.21.4

v2.21.5

v2.22.0

v2.22.1

v2.3.1

v2.4.0

v2.4.1

v2.4.2

v2.5.0

v2.5.1

v2.5.3

v2.5.4

v2.5.5

v2.6.1

v2.6.2

v2.7.1

v2.7.10

v2.7.12

v2.7.12a

v2.7.13

v2.7.14

v2.7.15

v2.7.16

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.1

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.9.0

v2.9.1

v2.9.2

v2.9.2p1

v2.9.3

Other

v2018-03-08

v2018-03-08-1

v2019-03-05-1

v2019-04-15-1

v2019-06-15-1

v2019-10-09

v2019-10-10

v2019-11-08

v2019-11-13

v2019-11-22

v2019-11-23

v2020-02-04

v2020-02-10

v2020-02-17

v2020-02-26

v2020-03-16

v2020-04-07

v2020-04-14

v2020-04-20

v2020-05-04

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1297.json"