CVE-2024-29643

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29643
An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://medium.com/@christbowel6/cve-2024-29643-host-header-injection-in-croogo-v3-0-2-0aded525f574 Exploit Press/Media Coverage
https://medium.com/@christbowel6/cve-2024-29643-host-header-injection-in-croogo-v3-0-2-0aded525f574 Exploit Press/Media Coverage
Configurations

Configuration 1 (hide)

cpe:2.3:a:croogo:croogo:3.0.2:*:*:*:*:*:*:*
History

28 May 2025, 15:51

Type Values Removed Values Added
First Time Croogo
Croogo croogo
CPE cpe:2.3:a:croogo:croogo:3.0.2:*:*:*:*:*:*:*
References () https://medium.com/@christbowel6/cve-2024-29643-host-header-injection-in-croogo-v3-0-2-0aded525f574 - () https://medium.com/@christbowel6/cve-2024-29643-host-header-injection-in-croogo-v3-0-2-0aded525f574 - Exploit, Press/Media Coverage

22 Apr 2025, 15:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.1
Summary
  • (es) Un problema en croogo v.3.0.2 permite a un atacante realizar una inyección de encabezado de host a través del componente feed.rss.
References () https://medium.com/@christbowel6/cve-2024-29643-host-header-injection-in-croogo-v3-0-2-0aded525f574 - () https://medium.com/@christbowel6/cve-2024-29643-host-header-injection-in-croogo-v3-0-2-0aded525f574 -
CWE CWE-444

21 Apr 2025, 14:23

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-18 15:15

Updated : 2025-05-28 15:51

NVD link : CVE-2024-29643

Mitre link : CVE-2024-29643

CVE.ORG link : CVE-2024-29643

JSON object : View

Products Affected

croogo

  • croogo
CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')