CVE-2024-32358

7.5 HIGH

📋 TL;DR

CVE-2024-32358 is a remote code execution vulnerability in JPress v5.1.0 that allows attackers to execute arbitrary code through crafted scripts in the custom plug-in module. This affects all users running JPress v5.1.0 with the vulnerable custom plug-in functionality enabled. The vulnerability stems from improper input validation in the plug-in system.

💻 Affected Systems

Products:
  • JPress
Versions: v5.1.0
Operating Systems: All platforms running JPress
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the custom plug-in module function which is part of the core JPress functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing an attacker to execute arbitrary commands, install malware, steal data, and pivot to other systems.

🟠 Likely Case: Web server compromise leading to data theft, defacement, or use as part of a botnet.

🟢 If Mitigated: Limited impact if proper network segmentation and least-privilege principles are implemented.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects internet-facing web applications.
🏢 Internal Only: MEDIUM - Internal systems could be compromised through internal attackers or lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub gist reference contains technical details that could be used to create exploits. The vulnerability requires no authentication and has low complexity to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.1.1 or later

Vendor Advisory: https://gitee.com/JPressProjects/jpress/releases/tag/v5.1.0

Restart Required: Yes

Instructions:

1. Download the latest JPress version from official sources.
2. Back up the current installation and data.
3. Replace the vulnerable files with the patched version.
4. Restart the JPress application server.

🔧 Temporary Workarounds

Disable custom plug-in module (applies to: all platforms)

Temporarily disable or restrict access to the custom plug-in functionality:

# Modify JPress configuration to disable plug-in uploads
# Remove or restrict permissions to plug-in directories

Web Application Firewall rules (applies to: all platforms)

Implement WAF rules to block suspicious plug-in upload requests:

# Add WAF rules to block requests containing suspicious patterns in plug-in parameters

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate JPress instances from critical systems
  • Deploy application-level monitoring and alerting for suspicious plug-in upload activities

🔍 How to Verify

Check if Vulnerable:

Check the JPress version in the application files or the admin panel. If the version is exactly 5.1.0, the system is vulnerable.

Check Version:

Check JPress configuration files or admin dashboard for version information

Verify Fix Applied:

Verify JPress version is 5.1.1 or later. Test custom plug-in functionality with safe test scripts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual plug-in upload activities
  • Suspicious file creation in plug-in directories
  • Unexpected process execution from web context

Network Indicators:

  • HTTP POST requests to plug-in upload endpoints with unusual payloads
  • Outbound connections from web server to suspicious IPs

SIEM Query:

source="jpress" AND (event="plugin_upload" OR event="file_creation") AND (file_extension="jar" OR file_extension="zip")
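The following is an added example (not part of this advisory and not JPress project code) that turns the log and network indicators above into a runnable check. It first reproduces the SIEM query over a JSON-lines audit log, then goes one step further and correlates an archive upload with a file landing in the plug-in directory and a shell spawned by the web process shortly afterwards, raising severity with each link. The upload endpoint pattern, the plug-in directory, the field names and the sample log lines are all constructed assumptions; the advisory names none of them, so substitute the values from your own deployment.

```python
import json
import re
from datetime import datetime
from pathlib import PurePosixPath

# Assumed (hypothetical) upload endpoint pattern and plug-in directory; the advisory
# does not name the real ones, so replace these with your deployment's values.
UPLOAD_PATH_PATTERN = re.compile(r"/admin/.*plugin.*(upload|install)", re.I)
PLUGIN_DIR = "/opt/jpress/plugins/"
ARCHIVE_EXTS = {"jar", "zip"}   # extensions named in the advisory's SIEM query

# Constructed sample: a JSON-lines audit log, one event per line (not real JPress output).
SAMPLE_LOG = """\
{"ts":"2024-04-10T09:00:01Z","event":"login","user":"admin","src":"10.0.0.5"}
{"ts":"2024-04-10T09:01:12Z","event":"plugin_upload","user":"admin","src":"10.0.0.5","method":"POST","path":"/admin/plugin/upload","filename":"seo-tools.zip"}
{"ts":"2024-04-10T09:01:13Z","event":"file_creation","path":"/opt/jpress/plugins/seo-tools.zip","uid":"jpress"}
{"ts":"2024-04-10T09:05:40Z","event":"plugin_upload","user":"-","src":"203.0.113.7","method":"POST","path":"/admin/plugin/upload","filename":"x.jar"}
{"ts":"2024-04-10T09:05:41Z","event":"file_creation","path":"/opt/jpress/plugins/x.jar","uid":"jpress"}
{"ts":"2024-04-10T09:05:43Z","event":"process_exec","parent":"java","cmd":"/bin/sh -c id","uid":"jpress"}
{"ts":"2024-04-10T09:06:00Z","event":"file_creation","path":"/opt/jpress/uploads/banner.png","uid":"jpress"}
"""


def extension(name):
    """Lower-cased file extension without the dot ('' when there is none)."""
    return PurePosixPath(name).suffix.lstrip(".").lower()


def parse_events(text):
    """Parse JSON lines, skipping blank or malformed lines instead of aborting."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def siem_matches(events):
    """Equivalent of the advisory's SIEM query: upload or file-creation events involving a jar/zip."""
    out = []
    for e in events:
        if e.get("event") not in ("plugin_upload", "file_creation"):
            continue
        name = e.get("filename") or e.get("path") or ""
        if extension(name) in ARCHIVE_EXTS:
            out.append(e)
    return out


def is_archive_upload(e):
    """A POST carrying a jar/zip to anything that looks like the plug-in upload endpoint."""
    if e.get("method", "POST") != "POST":
        return False
    if e.get("event") != "plugin_upload" and not UPLOAD_PATH_PATTERN.search(e.get("path", "")):
        return False
    return extension(e.get("filename", "")) in ARCHIVE_EXTS


def ts(e):
    # The 'Z' suffix is replaced so fromisoformat works on Python < 3.11 as well.
    return datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))


def correlate(events, window_s=120):
    """For each archive upload, look `window_s` seconds ahead for an archive written into the
    plug-in directory and for a process spawned by the Java web process; severity rises
    with each link in that chain, and unauthenticated uploads are flagged separately."""
    findings = []
    for up in events:
        if not is_archive_upload(up):
            continue
        t0 = ts(up)
        later = [e for e in events if "ts" in e and 0 <= (ts(e) - t0).total_seconds() <= window_s]
        wrote = any(e.get("event") == "file_creation"
                    and e.get("path", "").startswith(PLUGIN_DIR)
                    and extension(e["path"]) in ARCHIVE_EXTS for e in later)
        spawned = any(e.get("event") == "process_exec" and e.get("parent") == "java" for e in later)
        severity = "critical" if spawned else "high" if wrote else "medium"
        findings.append({
            "ts": up["ts"], "src": up.get("src"), "user": up.get("user"),
            "filename": up.get("filename"),
            "unauthenticated": up.get("user") in (None, "-"),
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(f"SIEM query matches: {len(siem_matches(evs))}")
    for f in correlate(evs):
        print(f)
```

Run against the embedded sample, the admin's upload followed only by a file write scores "high", while the unauthenticated upload from 203.0.113.7 that is followed by a file write and a shell spawned from the Java process scores "critical". The window is deliberately short because a plug-in that executes on install shows up within seconds; widen it if your logging pipeline adds delay.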
