CVE Vulnerabilities

CVE-2024-43033

Improper Handling of Windows ::DATA Alternate Data Stream

Published: Aug 22, 2024 | Modified: Jun 03, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358.

Weakness

The product does not properly prevent access to, or detect usage of, alternate data streams (ADS).

Affected Software

Name Vendor Start Version End Version
Jpress Jpress * 5.1.1 (including)

Potential Mitigations

References