← Back to CVE List

CVE-2024-32651

Published: 2024-04-26T00:15Z
Last Modified: 2024-11-21T09:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced). > MITRE Terms of Use apply – see LICENSE‑MITRE.txt