CVE-2024-39935

HIGH

jc21 NGINX Proxy Manager < 2.11.3 - Authenticated OS Command Injection via DNS Provider Configuration

Title source: llm

Description

jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5.

References (3)

Core 3

Core References

Patch

https://github.com/NginxProxyManager/nginx-proxy-manager/commit/99cce7e2b0da2978411cedd7cac5fffbe15bc46

View Patch ZIP pw:eip

Release Notes

https://github.com/NginxProxyManager/nginx-proxy-manager/compare/v2.11.2...v2.11.3

Issue Tracking

https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3662

Scores

CVSS v3 8.8

EPSS 0.0088

EPSS Percentile 54.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

jc21/nginx_proxy_manager < 2.11.3

Published Jul 04, 2024

Tracked Since Feb 18, 2026