1Panel Security Update Advisory (CVE-2024-39907, CVE-2024-39911)

Jul 24 2024

Overview

1 Panel has released an update to address a vulnerability in their products. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2024-39907

1 Panel version: 1.10.9-lts

CVE-2024-39911

1 Panel version: 1.10.10-lts

Resolved Vulnerabilities

Vulnerability due to failure to properly filter user-supplied input in the orderBy parameter (CVE-2024-39907)

RCE vulnerability with unspecified SQL injection via User-Agent handling (CVE-2024-39911)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-39907

1 Panel version: 1.10.12-tls

CVE-2024-39911

1 Panel version: 1.10.12-lts

Referenced Sites

[1] CVE-2024-39907 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-39907

[2] An SQL injection issue related to the orderBy clause

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6

[3] CVE-2024-39911 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-39911

[4] 1Panel panel frontend SQL injection to website functionality RCE vulnerability

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-7m53-pwp6-v3f5

1Panel Security Update Advisory (CVE-2024-39907, CVE-2024-39911)

Siemens Product Security Update Advisory

MS Family July 2024 Routine Security Update Advisory

Tags:

Siemens Product Security Update Advisory

MS Family July 2024 Routine Security Update Advisory