Unauthorized Access and Denial of service: Vulnerabilities found in FreeIPA and React Native Image Picker

Experts recommend updating your systems to prevent undesirable consequences.

Specialists from Angara Security found two vulnerabilities in the IT solutions FreeIPA (an open project of Red Hat) and React Native Image Picker (a React Native library). The vulnerabilities were identified during a security study of web and mobile applications of these solutions.

A vulnerability with the identifier CVE-2024-1481 was found in the FreeIPA system and is rated at 5.3 points on the CVSS scale. This flaw allows unauthorized users to cause a denial of service of a FreeIPA-based domain controller via a specially crafted HTTP request. According to representatives of the company, many Russian solutions for import substitution of Microsoft AD are built on FreeIPA and, most likely, all of them contain the vulnerability.

The FreeIPA developers quickly fixed the problem and released an update, so we recommend that you immediately update the software that depends on the solution.

The second vulnerability, found in React Native Image Picker, has the identifier CVE-2024-25466 and is rated as critical, although at the time of publication there is no exact CVSS rating. It allows files inside the application container to be edited. This, in turn, leads to ACE (arbitrary code execution) when a .so file used by the app is overwritten. This security flaw allows an attacker to execute arbitrary code using a script created in the Android library component during a local attack.

The main danger of CVE-2024-25466 is the possible compromise of the user's personal data, which opens the way for performing various operations on their behalf. The company's experts strongly recommend updating the library to the latest version to avoid possible risks.
 