CVE-2024-34060

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-34060

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-34060.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-34060

Aliases

GHSA-9rw6-5q9j-82fm

Published

2024-05-23T12:01:39.630Z

Modified

2025-11-30T18:55:34.090928Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Arbitrary File Write in IRIS EVTX Pipeline

Details

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0.

Database specific

{
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/34xxx/CVE-2024-34060.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/dfir-iris/iris-evtx-module

Affected ranges

Type: GIT
Repo: https://github.com/dfir-iris/iris-evtx-module
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4e45fc94a31e1ee4641d608a387dfd9f9e68dbca

Affected versions

v0.*

v0.0.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-34060.json"