BIT-appsmith-2024-55964

Import Source
https://github.com/bitnami/vulndb/tree/main/data/appsmith/BIT-appsmith-2024-55964.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-appsmith-2024-55964
Aliases
Published
2025-04-02T07:06:54.525Z
Modified
2025-04-02T07:56:50.303771Z
Summary
[none]
Details

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, log in to it, create a datasource, create a query against that datasource, and execute that query.

Database specific
{
    "cpes": [
        "cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}
References

Affected packages

Bitnami / appsmith

Package

Name
appsmith
Purl
pkg:bitnami/appsmith

Severity

  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.52.0