CVE-2024-52959
Severity: HIGH
iota C.ai Conversational Platform <2.1.3 - Code Injection
Title source: llmDescription
An Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.
References (1)
Core References
Vendor Advisory third-party-advisory
https://zuso.ai/advisory/za-2024-12
Scores
CVSS v3
7.2
EPSS
0.0055
EPSS Percentile
41.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (1)
gss/iota_c.ai
1.0.0 - 2.1.3
Published
Nov 27, 2024
Tracked Since
Feb 18, 2026