CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2024-50603	High	94.4%	AviatrixControllers	Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.	Jan 16, 2025	KEV
CVE-2021-40870	High	94.2%	AviatrixAviatrix Controller	Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.	Jan 18, 2022	KEV

CVE-2024-50603KEV

High

Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.

AviatrixEPSS 94.4%

CVE-2021-40870KEV

High

Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

AviatrixEPSS 94.2%