
CVE-2024-22891

Severity: Critical · Public PoC available

Published: 01 March 2024
Modified: 13 May 2025
KEV Added: not listed
Patch: none referenced
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.3943 (97.4th percentile)
Risk Priority: 43 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-22891 is a critical-severity Open Redirect (CWE-601) vulnerability in Nteract (vendor: Nteract). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked in the top 2.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

Nteract version 0.28.0 contains a remote code execution vulnerability that can be triggered through a specially crafted Markdown link. The flaw is tracked as CVE-2024-22891 with a CVSS 3.1 base score of 9.8 and is associated with CWE-601. The affected component is the Markdown rendering and link-handling logic within the desktop notebook application.

An unauthenticated attacker can supply a malicious Markdown document containing a crafted link. When the file is opened in Nteract, the vulnerability allows arbitrary code execution on the victim system without requiring user interaction beyond viewing the document, resulting in full confidentiality, integrity, and availability impact.

Public proof-of-concept code demonstrating the issue has been published on GitHub. The current EPSS score stands at 0.3943 with an identical recorded peak, indicating sustained exploitation interest since disclosure. No official vendor advisory or patch information is referenced in the available sources.

EU & UK References

Vulnerability details

Nteract v0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

CVE-2024-22891 enables remote code execution in the Nteract desktop client application via a crafted Markdown link, facilitating Exploitation for Client Execution (T1203).

Affected Assets

Vendor: nteract
Product: nteract
Version: 0.28.0

Mitigating Controls

Likely Mitigating Controls (AI-mapped)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-601: Security awareness includes verifying URLs and avoiding untrusted redirects that lead to malicious sites.
- Addresses CWE-601: Validates redirect targets and URLs to ensure they conform to allowed destinations.

References