CVE-2024-56137: MaxKB RCE vulnerability in function library
First published: Thu Jan 02 2025(Updated: )
MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerability allow privileged users to execute OS command in custom scripts. The vulnerability has been fixed in v1.9.0.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MaxKB Max Knowledge Base | <1.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-56137?
CVE-2024-56137 is classified as a critical vulnerability due to its potential for remote command execution.
How do I fix CVE-2024-56137?
To fix CVE-2024-56137, upgrade to MaxKB version 1.9.0 or later.
What software is affected by CVE-2024-56137?
CVE-2024-56137 affects MaxKB versions prior to 1.9.0.
What kind of vulnerability is CVE-2024-56137?
CVE-2024-56137 is a remote command execution vulnerability.
Is there a workaround for CVE-2024-56137?
Currently, there are no known workarounds for CVE-2024-56137 other than upgrading to the patched version.
- agent/weakness
- agent/references
- agent/type
- agent/title
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/maxkb
- canonical/maxkb max knowledge base