Overview
1Panel has released an update to address a vulnerability in their products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-39907
- 1 Panel version: 1.10.9-lts
Resolved Vulnerabilities
Vulnerability due to failure to properly filter user-supplied input in the orderBy parameter (CVE-2024-39907)
Vulnerability Patches
Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-39907
- 1 Panel version: 1.10.12-tls
Referenced Sites
[1] CVE-2024-39907 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-39907
[2] An SQL injection issue related to the orderBy clause
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6
Article Link: 1Panel Security Update Advisory (CVE-2024-39907, CVE-2024-39911) – ASEC