Description

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query.

INFO

Published Date :

2025-03-26T00:00:00.000Z

Last Modified :

2025-03-27T13:33:44.023Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-55964 vulnerability.

Vendors Products
Appsmith
  • Appsmith
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-55964.

URL Resource
https://github.com/appsmithorg/appsmith/security/advisories/GHSA-m95x-4w54-gc83 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact