CVE-2024-37759

CRITICAL

Datagear < 5.0.0 - Injection

Title source: rule

Description

DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface.

Exploits (1)

nomisec WORKING POC 5 stars

by crumbledwall · poc

https://github.com/crumbledwall/CVE-2024-37759_PoC

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/crumbledwall/CVE-2024-37759_PoC

[Exploit, Third Party Advisory] https://github.com/datageartech/datagear/issues/32

Scores

CVSS v3 9.8

EPSS 0.8067

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-74

Status published

Products (1)

datagear/datagear < 5.0.0

Published Jun 24, 2024

Tracked Since Feb 18, 2026