CVE-2024-55028

CRITICAL9.8EPSS 0.52%

Published: 3/25/2025Modified: 5/21/2026

Description

A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file.

Affected packages (1)

PyPI/fprimefrom 0, <= 3.4.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

EXPLOIThttps://visionspace.com/remote-code-execution-and-critical-vulnerabilities-in-nasa-fprime-v3-4-3/