CVE-2024-43782
CVE-2024-43782 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. It concerns the openedx-translations repository, which holds translation files from Open edX repositories kept in sync with Transifex. EPSS estimates a 0.51% chance of exploitation in the next 30 days.
Description
This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using edx-i18n-tools. This validation included protection against malformed translations and translations-based script injections. Prior to this patch, the validation implemented in the openedx-translations repository did not include the same protections. The maintainer inspected the translations in the edx-platform directory of both the main and open-release/redwood.master branches of the openedx-translations repository and found no evidence of exploited translation strings.
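The missing protection described above is a pre-merge check on translated strings. The following is an added illustration of what such a check looks like, not code from openedx-translations or edx-i18n-tools: it reads a minimal single-line .po file, verifies that each msgstr keeps exactly the `%(name)s` / `{name}` placeholders of its msgid, and rejects strings that introduce script-like markup. The placeholder and markup patterns, the helper names and the sample .po content are all assumptions made for this example.

```python
import re

# Placeholder syntaxes used by Python gettext strings in Open edX: %(name)s and {name} (assumed set).
PLACEHOLDER_RE = re.compile(r"%\([^)]+\)[sd]|\{[^{}]*\}")
# Markup a translation must never introduce (assumed patterns, not the project's own list).
SCRIPT_RE = re.compile(r"<\s*script\b|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)

def check_translation(msgid: str, msgstr: str) -> list[str]:
    """Return the problems found in msgstr relative to msgid (empty list means it passes)."""
    problems = []
    if msgstr == "":
        return problems  # untranslated entry: gettext falls back to msgid, nothing to validate
    src = set(PLACEHOLDER_RE.findall(msgid))
    dst = set(PLACEHOLDER_RE.findall(msgstr))
    if src != dst:
        problems.append(f"placeholder mismatch: source={sorted(src)} translation={sorted(dst)}")
    if msgstr.count("{") != msgstr.count("}"):
        problems.append("unbalanced braces in translation (would break str.format at runtime)")
    if SCRIPT_RE.search(msgstr):
        problems.append("translation introduces script-like markup")
    return problems

def check_po(text: str) -> dict[str, list[str]]:
    """Minimal .po reader for single-line msgid/msgstr pairs; returns {msgid: problems} for bad entries."""
    bad = {}
    msgid = None
    for line in text.splitlines():
        if line.startswith("msgid "):
            msgid = line[len("msgid "):].strip().strip('"')
        elif line.startswith("msgstr ") and msgid is not None:
            msgstr = line[len("msgstr "):].strip().strip('"')
            problems = check_translation(msgid, msgstr)
            if problems:
                bad[msgid] = problems
            msgid = None
    return bad

# Constructed sample .po content for this example (not taken from the openedx-translations repository).
SAMPLE_PO = '''msgid "Welcome, {username}!"
msgstr "Bienvenue, {username} !"
msgid "You have %(count)s unread messages"
msgstr "Vous avez %(compte)s messages non lus"
msgid "Course ended"
msgstr "Cours terminé <script>x</script>"
msgid "Grade: {score}"
msgstr "Note : {score"
'''
```

Calling `check_po(SAMPLE_PO)` flags the last three entries (renamed placeholder, injected markup, unbalanced brace) and passes the first, which is the kind of gate the advisory says was absent before the patch.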
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openedx | Openedx | redwood1 |
| Openedx | Openedx | redwood2 |
References
- https://github.com/openedx/openedx-translations/security/advisories/GHSA-fg8c-2pvj-wx3j (Patch, Vendor Advisory)
Timeline
- Status: Analyzed
Source: NVD / NIST
