CVE-2024-34060

8.8 HIGH

Published: May 23, 2024 Modified: April 15, 2026

Description

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca

Source: security-advisories@github.com

https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm

Source: security-advisories@github.com

https://github.com/dfir-iris/iris-evtx-module/commit/4e45fc94a31e1ee4641d608a387dfd9f9e68dbca

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/dfir-iris/iris-evtx-module/security/advisories/GHSA-9rw6-5q9j-82fm

Source: af854a3a-2127-422b-91ae-364da2661108

4 reference(s) from NVD

Quick Stats

CVSS v3 Score

8.8 / 10.0

EPSS (Exploit Probability)

2.4%

85th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-22

Related CVEs

CVE-2026-5231 7.2

CVE-2026-5162 6.4

CVE-2026-4817 6.5

CVE-2026-3488 6.5

CVE-2026-40922 N/A