CVE-2024-55964

Critical CVSS: 9.8

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query.

Vendor

Appsmith

Product

Appsmith

CWE

CWE-94

Yayın Tarihi

2025-03-26 20:15:21

Güncelleme

2025-04-01 16:34:34

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-94 Appsmith CRITICAL Appsmith 2025

Referanslar

https://github.com/appsmithorg/appsmith/security/advisories/GHSA-m95x-4w54-gc83

Benzer Kayıtlar

Medium

CVE-2026-34411

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticat…

Critical

CVE-2026-30862

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulne…

Critical

CVE-2026-24042

Appsmith is a platform to build admin panels, internal tools, and dashboards. In versions 1.94 and below, publicly acces…

Critical

CVE-2026-22794

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin…

Medium

CVE-2024-55965

An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development in…

Medium

CVE-2024-55963

An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the…