Security Advisory

CVE-2024-10224

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-19 17:35:25
Last updated 2025-11-03 21:51:05
Assigner canonical
State PUBLISHED

Description

Qualys discovered that if unsanitized input was used with the library Module::ScanDeps before version 1.36, a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
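The "pesky pipe" behaviour described above, shown as an added Perl example (not code from the library or its patch): two-argument open() reads the mode from the string itself, while three-argument open() treats the string as a literal path. The sample filename and the sub names `read_two_arg` and `read_three_arg` are constructed for illustration, and the example covers only the open() path, not eval().

```perl
#!/usr/bin/perl
# Added illustration; the helper names and the sample input are assumptions.
use strict;
use warnings;

# Constructed, harmless sample input: a "filename" that ends in a pipe character.
my $name = 'echo ran-as-command |';

# Unsafe pattern: two-argument open() parses the mode out of the string.
# A trailing "|" makes Perl run the preceding text as a command and
# hand back a filehandle that reads the command's output.
sub read_two_arg {
    my ($file) = @_;
    open(my $fh, $file) or return;
    my $first = <$fh>;
    close $fh;
    return $first;
}

# Hardened pattern: three-argument open() with an explicit "<" mode.
# The last argument is always a literal path, so no command is run.
sub read_three_arg {
    my ($file) = @_;
    open(my $fh, '<', $file) or return;
    my $first = <$fh>;
    close $fh;
    return $first;
}

my $unsafe = read_two_arg($name);
my $safe   = read_three_arg($name);

# The two-argument form returns the command's output; the three-argument
# form fails because no file with that literal name exists.
print "two-arg:   ", defined $unsafe ? $unsafe : "(open failed)\n";
print "three-arg: ", defined $safe   ? $safe   : "(open failed: no such file)\n";
```

When auditing Perl code that opens paths derived from untrusted input, any open() call with only two arguments is the pattern to look for.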