Security Advisory

CVE-2024-39935

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-04 00:00:00

Last updated 2024-08-21 14:16:18

Assigner mitre

State PUBLISHED

Description

jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5.

← Browse all CVEs View on cve.org ↗