CVE-2024-32838

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-32838

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32838.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-32838

Published

2025-02-12T10:15:13.043Z

Modified

2025-11-15T19:02:00.309176Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vulnerability that allows an authenticated attacker to inject malicious data into some of the REST API endpoints' query parameter. Users are recommended to upgrade to version 1.10.1, which fixes this issue.

A SQL Validator has been implemented which allows us to configure a series of tests and checks against our SQL queries that will allow us to validate and protect against nearly all potential SQL injection attacks.

References

Affected packages

Git / github.com/apache/fineract

Affected ranges

Type: GIT
Repo: https://github.com/apache/fineract
Events: Introduced

ee99f30e532c828338210bb412b7f876a534f02a

Fixed

227bdf6e4f0d271e19193fe6f9d59f36720a772a

Affected versions

1.*

1.10.0

1.4.0

1.5.0

1.7.0

1.8.0

1.9.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32838.json"