CVE-2024-37759

9.8 CRITICAL

📋 TL;DR

DataGear v5.0.0 and earlier contains a Spring Expression Language (SpEL) injection vulnerability in the Data Viewing interface. This allows authenticated attackers to execute arbitrary code on the server with the same privileges as the DataGear application. Organizations using vulnerable versions of DataGear are affected.

💻 Affected Systems

Products:
  • DataGear
Versions: v5.0.0 and earlier
Operating Systems: All platforms running DataGear
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the Data Viewing interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing remote code execution, data exfiltration, lateral movement, and persistent backdoor installation.

🟠 Likely Case: Unauthorized data access, privilege escalation, and potential server takeover by authenticated attackers.

🟢 If Mitigated: Limited impact with proper network segmentation, strong authentication, and input validation controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward with published PoC.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.0.1 or later

Vendor Advisory: https://github.com/datageartech/datagear/issues/32

Restart Required: Yes

Instructions:

1. Download DataGear v5.0.1 or later from the official repository.
2. Back up the current installation and data.
3. Stop the DataGear service.
4. Replace the installation with the patched version.
5. Restart the DataGear service.

🔧 Temporary Workarounds

Disable Data Viewing Interface (platform: all)

Temporarily disable the vulnerable Data Viewing interface component by modifying the DataGear configuration to turn off the data viewing functionality.

Network Access Control (platform: linux)

Restrict access to the DataGear interface to trusted IPs only:

iptables -A INPUT -p tcp --dport [DataGear-port] -s [trusted-ip] -j ACCEPT
iptables -A INPUT -p tcp --dport [DataGear-port] -j DROP

Replace [DataGear-port] and [trusted-ip] with your values. Note that -A appends to the end of the INPUT chain, so any earlier rule that already accepts traffic to that port takes precedence; check the existing chain with iptables -L INPUT -n --line-numbers before relying on the DROP rule.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate DataGear from critical systems
  • Enforce strong authentication and limit user privileges to minimum required

🔍 How to Verify

Check if Vulnerable:

Check DataGear version via web interface or configuration files. Versions 5.0.0 and earlier are vulnerable.

Check Version:

Check DataGear web interface or examine application.properties/version files

Verify Fix Applied:

Verify installation of DataGear v5.0.1 or later and test that SpEL injection attempts are properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SpEL expressions in request logs
  • Multiple failed authentication attempts followed by data viewing requests
  • Unexpected system commands in application logs

Network Indicators:

  • Unusual outbound connections from DataGear server
  • Spike in traffic to DataGear data viewing endpoints

SIEM Query:

source="datagear.logs" AND (message="*SpEL*" OR message="*expression*" OR message="*injection*")
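The keyword query above only matches log messages that literally mention SpEL. A more useful first pass is to decode request URLs and look for SpEL syntax markers in the parameters. The following is an added example (not code from the advisory or from the DataGear project) that runs such a check over a few constructed access-log lines; the request path /datagear/dataSet/view and the log format are assumptions, and the pattern list is a heuristic rather than a complete SpEL grammar.

```python
import re
from urllib.parse import unquote_plus

# Heuristic SpEL indicators (defensive signature; assumption: these cover the
# common template and type-reference forms, they are not a complete grammar).
SPEL_PATTERNS = [
    re.compile(r"#\{"),                           # SpEL template expression opener
    re.compile(r"\$\{"),                          # property placeholder, often paired with SpEL
    re.compile(r"\bT\s*\("),                      # type reference, e.g. T(java.lang.Runtime)
    re.compile(r"\bnew\s+[A-Za-z_][\w.]*\s*\("),  # constructor invocation inside an expression
    re.compile(r"\.getClass\s*\("),               # reflection pivot inside an expression
]

# Constructed sample access-log lines (Combined Log Format style), not real DataGear logs.
# The endpoint path is an assumption used only for illustration.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Jun/2024:10:01:02 +0000] "GET /datagear/dataSet/view?name=sales HTTP/1.1" 200 1532
10.0.0.9 - bob [12/Jun/2024:10:02:17 +0000] "GET /datagear/dataSet/view?expr=%23%7BT%28java.lang.Runtime%29%7D HTTP/1.1" 200 88
10.0.0.9 - bob [12/Jun/2024:10:02:40 +0000] "POST /datagear/dataSet/view HTTP/1.1" 500 12
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line; returns None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Decode percent-encoding so encoded '#{' or 'T(' are visible to the patterns.
    rec["decoded_path"] = unquote_plus(rec["path"])
    return rec


def spel_hits(text):
    """Return the pattern strings that match the given (decoded) text."""
    return [p.pattern for p in SPEL_PATTERNS if p.search(text)]


def scan_log(text):
    """Return one alert dict per log line whose decoded request carries SpEL markers."""
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = spel_hits(rec["decoded_path"])
        if hits:
            alerts.append({"ip": rec["ip"], "user": rec["user"], "ts": rec["ts"],
                           "path": rec["decoded_path"], "indicators": hits})
    return alerts
```

Expect false positives from legitimate ${...} placeholders in some applications; review hits against the authenticated user and the endpoint before escalating.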
