Severity: medium (5.4)

First published: Fri Sep 15 2023

Last modified: Wed Sep 20 2023

CWE: 94

Code Injection in GitHub repository librenms/librenms prior to 23.9.0.

Affected software (any of):

  • composer/librenms/librenms
    fixed in: 23.9.0

  • What is the vulnerability ID for this code injection vulnerability?

    The vulnerability ID for this code injection vulnerability is GHSA-57m2-mpc7-gwgx.

  • What is the severity of vulnerability GHSA-57m2-mpc7-gwgx?

    The severity of vulnerability GHSA-57m2-mpc7-gwgx is medium with a CVSS score of 5.4.

  • Which software package is affected by vulnerability GHSA-57m2-mpc7-gwgx?

    The software package affected by vulnerability GHSA-57m2-mpc7-gwgx is librenms/librenms.

  • What is the remedy for vulnerability GHSA-57m2-mpc7-gwgx?

    The remedy for vulnerability GHSA-57m2-mpc7-gwgx is to update to version 23.9.0 of librenms/librenms.

  • Where can I find more information about vulnerability GHSA-57m2-mpc7-gwgx?

    More information about vulnerability GHSA-57m2-mpc7-gwgx can be found at the following references: [CVE-2023-4977](https://nvd.nist.gov/vuln/detail/CVE-2023-4977), [GitHub Commit](https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0), [Huntr Bounty](https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc).
