FKIE_CVE-2024-47180

Vulnerability from fkie_nvd - Published: 2024-09-26 20:15 - Updated: 2026-04-15 00:35
Summary
Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of Shields with a version earlier than `server-2024-09-25` are vulnerable to remote code execution via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. Any user who can make a request to a URL on the instance can execute code on it by crafting a malicious JSONPath expression. All users who self-host an instance are vulnerable. This problem was fixed in server-2024-09-25. Those who follow the tagged releases should update to `server-2024-09-25` or later; those who follow the rolling tag on DockerHub should run `docker pull shieldsio/shields:next` to update to the latest version. As a workaround, blocking access to the endpoints `/badge/dynamic/json`, `/badge/dynamic/toml`, and `/badge/dynamic/yaml` (e.g. via a firewall or reverse proxy in front of your instance) prevents the exploitable endpoints from being reached.
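The injection class described above, as an added illustration that is not Shields.io's own code and not the JSONPath library it used: a toy JSONPath subset whose filter step can either hand the user-supplied filter text to the JavaScript engine (the sink that turns a badge query into code execution) or accept only a restricted `@.prop <op> <JSON literal>` grammar. The sample document, the two path strings and the `__canary` global are constructed for the demonstration; the page does not name the library or show the fixing change, so nothing here should be read as the actual patch.

```javascript
// Added example, not Shields.io's code nor the JSONPath library it used.
// A toy JSONPath subset showing why an eval-based filter is an injection
// sink (CWE-74) and how a restricted filter grammar closes it.
//
// Supported syntax: $.a.b, $.list[*], $.list[?(<filter>)]

// Split a path into segments: {prop}, {wildcard: true} or {filter: '...'}
function parsePath(path) {
  if (!path.startsWith('$')) throw new Error('path must start with $');
  const segs = [];
  let i = 1;
  while (i < path.length) {
    if (path[i] === '.') {
      let j = i + 1;
      while (j < path.length && /[A-Za-z0-9_]/.test(path[j])) j++;
      if (j === i + 1) throw new Error('empty property name at ' + i);
      segs.push({ prop: path.slice(i + 1, j) });
      i = j;
    } else if (path.startsWith('[*]', i)) {
      segs.push({ wildcard: true });
      i += 3;
    } else if (path.startsWith('[?(', i)) {
      const end = path.indexOf(')]', i);
      if (end < 0) throw new Error('unterminated filter');
      segs.push({ filter: path.slice(i + 3, end) });
      i = end + 2;
    } else {
      throw new Error('unexpected ' + JSON.stringify(path[i]) + ' at ' + i);
    }
  }
  return segs;
}

// UNSAFE: the attacker-controlled filter text is compiled as JavaScript.
// Replacing "@" with a parameter name is what makes "@.x == 1" work, and
// also what lets arbitrary statements through to the engine.
function unsafeFilter(expr) {
  const fn = new Function('__item', 'return (' + expr.replace(/@/g, '__item') + ');');
  return item => Boolean(fn(item));
}

// SAFE: only "@.<prop> <op> <JSON literal>" is accepted; anything else is
// rejected before evaluation, so no user text ever reaches the JS engine.
const SAFE_FILTER = /^@\.([A-Za-z_][A-Za-z0-9_]*)\s*(==|!=|<=|>=|<|>)\s*(.+)$/;
const OPS = {
  '==': (a, b) => a === b, '!=': (a, b) => a !== b,
  '<': (a, b) => a < b, '<=': (a, b) => a <= b,
  '>': (a, b) => a > b, '>=': (a, b) => a >= b,
};
function safeFilter(expr) {
  const m = SAFE_FILTER.exec(expr.trim());
  if (!m) throw new Error('filter not allowed: ' + expr);
  const [, prop, op, rhsText] = m;
  let rhs;
  try { rhs = JSON.parse(rhsText); } catch (e) { throw new Error('filter literal must be JSON: ' + rhsText); }
  return item => item !== null && typeof item === 'object' && OPS[op](item[prop], rhs);
}

// Evaluate a path against a parsed document; eval is off unless asked for.
function evaluate(doc, path, { allowEval = false } = {}) {
  let current = [doc];
  for (const seg of parsePath(path)) {
    const next = [];
    const keep = seg.filter !== undefined
      ? (allowEval ? unsafeFilter : safeFilter)(seg.filter)
      : () => true;
    for (const node of current) {
      if (seg.prop !== undefined) {
        if (node !== null && typeof node === 'object' && seg.prop in node) next.push(node[seg.prop]);
      } else if (Array.isArray(node)) {
        for (const item of node) if (keep(item)) next.push(item);
      }
    }
    current = next;
  }
  return current;
}

// Constructed sample: the kind of JSON a dynamic badge would fetch.
const SAMPLE = {
  version: '1.2.3',
  jobs: [{ name: 'build', status: 'passed' }, { name: 'test', status: 'failed' }],
};
const BENIGN = '$.jobs[?(@.status == "failed")]';
// Constructed payload: valid JS with a side effect, smuggled in as a "filter".
const PAYLOAD = '$.jobs[?(globalThis.__canary = "executed", true)]';

function demo() {
  delete globalThis.__canary;
  const benignUnsafe = evaluate(SAMPLE, BENIGN, { allowEval: true }).map(j => j.name);
  const benignSafe = evaluate(SAMPLE, BENIGN).map(j => j.name);
  const matchedUnderEval = evaluate(SAMPLE, PAYLOAD, { allowEval: true }).length;
  const canaryAfterUnsafe = globalThis.__canary;   // 'executed': the payload ran
  delete globalThis.__canary;
  let safeRejected = false;
  try { evaluate(SAMPLE, PAYLOAD); } catch (e) { safeRejected = true; }
  return { benignUnsafe, benignSafe, matchedUnderEval, canaryAfterUnsafe, safeRejected, canaryAfterSafe: globalThis.__canary };
}

console.log(demo());
```

Both evaluators return the same result for the benign query, which is why an eval-based filter looks harmless in normal use; the difference only shows up when the filter text is something other than a comparison. The page's workaround (blocking the three `/badge/dynamic/*` endpoints at a proxy or firewall) removes the network path by which badge-query text reaches the JSONPath evaluator; what the real library did and what the fixing commit changed is not stated on this page, so consult the linked commit and advisory for that.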

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version \u003c `server-2024-09-25` are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. This vulnerability would allow any user with access to make a request to a URL on the instance to the ability to execute code by crafting a malicious JSONPath expression. All users who self-host an instance are vulnerable. This problem was fixed in server-2024-09-25. Those who follow the tagged releases should update to `server-2024-09-25` or later. Those who follow the rolling tag on DockerHub, `docker pull shieldsio/shields:next` to update to the latest version. As a workaround, blocking access to the endpoints `/badge/dynamic/json`, `/badge/dynamic/toml`, and `/badge/dynamic/yaml` (e.g: via a firewall or reverse proxy in front of your instance) would prevent the exploitable endpoints from being accessed."
    }
  ],
  "id": "CVE-2024-47180",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-09-26T20:15:07.310",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/badges/shields/commit/ec1b6c8daccda075403c1688ac02603f7aaa50b2"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/badges/shields/issues/10553"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/badges/shields/pull/10551"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/badges/shields/security/advisories/GHSA-rxvx-x284-4445"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

