CVE-2024-56333

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-56333

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56333.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-56333

Aliases

GHSA-qmcw-h4f9-j3h3

Published

2024-12-20T19:52:25.818Z

Modified

2025-12-01T19:53:21.118371Z

Severity

9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator

Summary

Remote code execution in onyxia-api

Details

Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential consequences such as unauthorized access to other user environments and denial of service attacks. This issue has been patched in api versions 4.2.0, 3.1.1, and 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-94"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56333.json"
}

References

Affected packages

Git / github.com/inseefrlab/onyxia

Affected ranges

Type

GIT

Repo

https://github.com/inseefrlab/onyxia

Events

Introduced

Fixed

f580fdc8937a4eb373f8be57c1e7d13ce6547b04

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.8.2"
        }
    ]
}

Type

GIT

Repo

https://github.com/inseefrlab/onyxia

Events

Introduced

b1eb03562d39c2e286fbb65f3862ecb7d9497879

Fixed

4437d9c0a0aa0390e5ad52b98cbe8547eeda68b7

Database specific

{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.1.1"
        }
    ]
}

Type

GIT

Repo

https://github.com/inseefrlab/onyxia

Events

Introduced

9b088c6fc188371780dc1f989ec0c886ed33f5d2

Fixed

9c12cad10cc71084597af81ce5f99524ca6b4cd4

Database specific

{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.2.0"
        }
    ]
}

Affected versions

v5.*

v5.0.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.0.6

v5.1.0

v7.*

v7.0.0

v7.0.1

v7.0.2

v7.0.3

v7.1.0

v7.1.1

v7.1.10

v7.1.11

v7.1.12

v7.1.2

v7.1.3

v7.1.4

v7.1.5

v7.1.6

v7.1.7

v7.1.8

v7.1.9

web-v3.*

web-v3.0.0

web-v3.0.1

web-v3.0.2

web-v3.0.3

web-v3.0.4

web-v3.0.5

web-v3.1.0

web-v4.*

web-v4.0.0

web-v4.0.1

web-v4.0.2

web-v4.0.3

web-v4.1.0

web-v4.1.1

web-v4.1.10

web-v4.1.11

web-v4.1.12

web-v4.1.2

web-v4.1.3

web-v4.1.4

web-v4.1.5

web-v4.1.6

web-v4.1.7

web-v4.1.8

web-v4.1.9