Skip to content
/ CVE-2024-4879 Public

CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow

22 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Brut-Security/CVE-2024-4879

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
README.md
README.md
 
 
servicenow-db-exploit.yaml
servicenow-db-exploit.yaml
 
 
servicenow.gif
servicenow.gif
 
 
servicenow.yaml
servicenow.yaml
 
 

Repository files navigation

CVE-2024-4879 Exploit & PoC - Nuclei Template

CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

For Detecting Jelly Template Injection Vulnerability

Usage

nuclei -t servicenow.yaml -l targets.txt

For Database Exploitation Jelly Template Injection Vulnerability

Usage

nuclei -t servicenow-db-explit.yaml -l targets.txt

Watch the video

References

Video PoC

Video Title

About

CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow

Resources

Readme
Activity
Custom properties

Stars

22 stars

Watchers

2 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published