CVE-2024-35058

HIGH

NASA AIT-Core < 2.5.2 - Remote Code Execution via API Wait Function

Title source: llm

An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string.

Core 2

Core References

Third Party Advisory

Exploit

CVSS v3 7.5

EPSS 0.0043

EPSS Percentile 34.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

CWE

CWE-319

Status published

Products (2)

nasa/ait_core < 2.5.2

pypi/ait-core 0PyPI

Published May 21, 2024

Tracked Since Feb 18, 2026