CVE-2024-45387

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-45387

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45387.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-45387

Aliases

Downstream

SUSE-SU-2025:0060-1

openSUSE-SU-2025:14624-1

Related

Published

2024-12-23T16:15:06.590Z

Modified

2026-01-30T00:59:48.404823Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request.

Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops.

References

Affected packages

Git / github.com/apache/incubator-trafficcontrol

Affected ranges

Type: GIT
Repo: https://github.com/apache/incubator-trafficcontrol
Events: Introduced

21907895d39c429dfa9795d1f36717f206a4cf4b

Fixed

7cc23eb95a7fe9b9e679d86d6645b97ce96a4094

Affected versions

RELEASE-8.*

RELEASE-8.0.0

RELEASE-8.0.1

RELEASE-8.0.1-RC0

RELEASE-8.0.1-RC1

RELEASE-8.0.2-RC0

v8.*

v8.0.0

v8.0.1

v8.0.1-rc0

v8.0.1-rc1

v8.0.2-rc0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45387.json"