CVE-2024-24897
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
25/03/2024
Last modified:
15/04/2026
Description
Improper Neutralization of Special Elements used in a Command (&#39;Command Injection&#39;) vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.Py.<br />
<br />
This issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0.<br />
<br />
Impact
Base Score 3.x
8.10
Severity 3.x
HIGH
References to Advisories, Solutions, and Tools
- https://gitee.com/src-openeuler/A-Tune-Collector/pulls/45
- https://gitee.com/src-openeuler/A-Tune-Collector/pulls/47
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1271
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1273
- https://gitee.com/src-openeuler/A-Tune-Collector/pulls/45
- https://gitee.com/src-openeuler/A-Tune-Collector/pulls/47
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1271
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1273