|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-05-14 | |
| Rule Name: | CrushFTP Server Side Template Injection Vulnerability (CVE-2024-4040) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://www.crushftp.com/crush10wiki/Wiki.jsp |