Scoold Security Update Advisory (CVE-2024-50334)

Nov 18 2024

Overview

An update has been released to address vulnerabilities in Scoold. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-50334

Scoold versions: ~ 1.64.0 (excluded)

Resolved Vulnerabilities

Authentication bypass via a semicolon path injection vulnerability in the /api;/config endpoint and inclusion of a HOCON file in a PUT request with a Content-Type: application/hocon header could allow sensitive configuration files on the server to be read (CVE-2024-50334)

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-50334

Scoold version: 1.64.0

Referenced Sites

[1] CVE-2024-50334 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-50334

[2] Semicolon Path Injection on API /api;/config

https://github.com/Erudika/scoold/security/advisories/GHSA-fhwp-f6g7-rr3p

Scoold Security Update Advisory (CVE-2024-50334)

Microsoft Edge browser (131.0.6778.69/.70) version security update advisory

Laravel Security Update Advisory (CVE-2024-52301)

Tags:

Microsoft Edge browser (131.0.6778.69/.70) version security update advisory

Laravel Security Update Advisory (CVE-2024-52301)