Cyber Resilience

CVE-2024-37759

Severity: Critical · Public PoC available

Published: 24 June 2024
Modified: 13 June 2025
KEV Added: not listed
Patch: none referenced in the available sources
CVSS v3.1 Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8067 (99.2nd percentile)
Risk Priority: 68 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-37759 is a critical-severity injection vulnerability (CWE-74) in DataGear (vendor: DataGear). Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 0.8% of all CVEs by EPSS exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

DataGear v5.0.0 and earlier contains a SpEL (Spring Expression Language) expression injection vulnerability in its Data Viewing interface, classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component). Untrusted input reaches the SpEL evaluator and is parsed and evaluated as an expression rather than treated as data. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N) records that the flaw is reachable over the network, is of low attack complexity, and requires neither privileges nor user interaction; combined with high impact on confidentiality, integrity and availability, this yields the 9.8 base score.

An unauthenticated remote attacker can supply a crafted expression through the affected interface. SpEL evaluated in its default StandardEvaluationContext permits type references such as T(java.lang.Runtime), constructor calls and arbitrary method invocation, so a successful injection gives arbitrary code execution on the server with the privileges of the application process: full read and write access to the data it handles and the ability to disrupt the service. The C:H/I:H/A:H components of the vector reflect that simultaneous impact on confidentiality, integrity and availability.
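The following is an added example, not DataGear's code and not taken from the referenced proof-of-concept. It shows the generic SpEL injection pattern described above side by side with a hardened version: the request value is bound as a variable into a server-controlled, allow-listed expression, and evaluation runs in a SimpleEvaluationContext that refuses type references, constructors and method invocation. The Row class, the filter names and the sample payload are constructed for the demonstration; it requires spring-expression on the classpath.

```java
// Added example: SpEL expression injection, vulnerable pattern vs. hardened pattern.
// Not DataGear's code. Requires org.springframework:spring-expression (5.x or 6.x).
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.EvaluationException;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

import java.util.Map;

public class SpelInjectionDemo {

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    /** Stand-in for one row of the data being viewed (constructed sample model). */
    public static class Row {
        private final String name;
        private final int amount;
        public Row(String name, int amount) { this.name = name; this.amount = amount; }
        public String getName() { return name; }
        public int getAmount() { return amount; }
    }

    /**
     * VULNERABLE: the request parameter itself becomes the expression and is evaluated
     * in a StandardEvaluationContext, which allows T() type references, constructors
     * and arbitrary method calls. A value such as
     *   T(java.lang.Runtime).getRuntime().exec("id")
     * would therefore start a process on the server.
     */
    static Object vulnerableEvaluate(String untrustedExpression, Row row) {
        EvaluationContext ctx = new StandardEvaluationContext(row);
        return PARSER.parseExpression(untrustedExpression).getValue(ctx);
    }

    /** Server-controlled expressions; the only part of them the user chooses is the key. */
    private static final Map<String, String> ALLOWED_FILTERS = Map.of(
            "nameEquals",  "name == #filter",
            "amountAbove", "amount > #filter");

    /**
     * HARDENED, two layers:
     *  1. The expression text comes from the allow-list above; the user's value is only
     *     ever bound as the variable #filter and is never handed to the parser.
     *  2. SimpleEvaluationContext (read-only data binding) rejects T(), new, @bean
     *     references and method invocation, so even an attacker-controlled string that
     *     did reach the parser could not reach Runtime or any other JDK type.
     */
    static Object hardenedEvaluate(String filterName, Object untrustedValue, Row row) {
        String expression = ALLOWED_FILTERS.get(filterName);
        if (expression == null) {
            throw new IllegalArgumentException("unknown filter: " + filterName);
        }
        SimpleEvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding()
                .withRootObject(row)
                .build();
        ctx.setVariable("filter", untrustedValue);
        return PARSER.parseExpression(expression).getValue(ctx);
    }

    public static void main(String[] args) {
        Row row = new Row("alice", 42);
        // Benign stand-in for an RCE payload: same T() escape, reads a JVM property instead of exec().
        String payload = "T(java.lang.System).getProperty(\"java.version\")";

        // Vulnerable path: the payload escapes the data model and reads from the JVM.
        System.out.println("vulnerable: " + vulnerableEvaluate(payload, row));

        // Hardened path: the payload is just a string compared against the row's name.
        System.out.println("hardened (bound as value): " + hardenedEvaluate("nameEquals", payload, row));
        System.out.println("hardened (typed filter):   " + hardenedEvaluate("amountAbove", 10, row));

        // Defence in depth: even parsed directly, SimpleEvaluationContext refuses T().
        try {
            SimpleEvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding()
                    .withRootObject(row).build();
            PARSER.parseExpression(payload).getValue(ctx);
            System.out.println("unexpected: direct parse succeeded");
        } catch (EvaluationException e) {
            System.out.println("hardened (direct parse rejected): " + e.getMessage());
        }
    }
}
```

The design point is the first layer, not the second: SimpleEvaluationContext is a useful backstop, but the only reliable fix for CWE-74 is to keep attacker-controlled text out of the expression entirely and bind it as a typed value.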

Public references include a working proof-of-concept repository and an open issue filed against the DataGear project on GitHub; the available sources give no vendor advisory or patch details, so the status of a fix should be verified with the project directly and all versions up to and including 5.0.0 treated as affected. The EPSS score stands at 0.8067, with no lower earlier value recorded in the sources, indicating substantial exploitation interest since disclosure.

Vulnerability details

DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface.

CWE(s)

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1221 Template Injection (Defense Evasion): Adversaries may create or modify references in user document templates to conceal malicious code or force authentication attempts.
Why these techniques?

The SpEL expression injection in the Data Viewing web interface lets a remote attacker execute code by submitting a malicious expression to an Internet-facing application, which is a direct instance of T1190. The T1221 mapping is looser: MITRE defines Template Injection in terms of user document templates (for example Office template references), whereas this flaw is server-side expression injection. The mapping reflects the shared idea of attacker-controlled content being evaluated by a template or expression engine rather than a one-to-one match.

Affected Assets

Vendor: datagear
Product: datagear
Affected versions: ≤ 5.0.0

Mitigating Controls

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Secure development testing (addresses CWE-74): developer assessments and testing, including injection-focused techniques, identify improper neutralization of special elements, and verifiable flaw remediation corrects them before deployment.

Monitoring for injection attacks (addresses CWE-74): identifies indicators of injection attacks (command, SQL, LDAP, expression-language, etc.) via anomaly and attack monitoring.
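As an added example of the monitoring control above (not DataGear's code, not a vendor signature, and not derived from the referenced proof-of-concept), the scanner below flags request lines carrying common SpEL-to-JVM escape indicators after fully URL-decoding them, so that percent- and double-encoding cannot hide the payload. The endpoint path and the sample access-log lines are constructed for the demonstration; the indicator list is generic SpEL syntax and should be tuned against legitimate traffic before use.

```java
// Added example: minimal detector for SpEL injection indicators in web request lines.
// Not DataGear's code; sample lines and the /dataSet/view path are constructed.
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.regex.Pattern;

public class SpelIndicatorScanner {

    // Indicators drawn from how SpEL reaches the JVM: T(...) type references,
    // Runtime/ProcessBuilder use, and reflective class loading. Deliberately narrow.
    private static final Pattern INDICATORS = Pattern.compile(
            "(?i)T\\s*\\(\\s*java\\."
          + "|getRuntime\\s*\\(\\s*\\)"
          + "|java\\.lang\\.ProcessBuilder"
          + "|\\.exec\\s*\\("
          + "|Class\\.forName\\s*\\(");

    /** Decodes percent/plus encoding repeatedly (bounded) so nested encodings cannot hide a payload. */
    static String fullyDecode(String s) {
        String prev;
        String cur = s;
        int rounds = 0;
        do {
            prev = cur;
            try {
                cur = URLDecoder.decode(prev, StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                break; // malformed escape sequence: stop decoding and scan what we have
            }
        } while (!cur.equals(prev) && ++rounds < 3);
        return cur;
    }

    /** Returns true when the (decoded) request line contains a SpEL escape indicator. */
    static boolean looksLikeSpelInjection(String requestLine) {
        return INDICATORS.matcher(fullyDecode(requestLine)).find();
    }

    public static void main(String[] args) {
        // Constructed sample request targets; the first is benign, the rest are injection attempts.
        List<String> samples = List.of(
            "GET /dataSet/view?q=name%20==%20'alice' HTTP/1.1",
            "GET /dataSet/view?q=T(java.lang.Runtime).getRuntime().exec('id') HTTP/1.1",
            "GET /dataSet/view?q=T%28java.lang.System%29.getProperty%28%22user.name%22%29 HTTP/1.1",
            "GET /dataSet/view?q=%2554%2528java.lang.Runtime%2529 HTTP/1.1" // double-encoded T(
        );
        for (String line : samples) {
            System.out.printf("%-5s %s%n", looksLikeSpelInjection(line) ? "ALERT" : "ok", line);
        }
    }
}
```

Run against real access logs, the decoded-match approach catches the encoded variants that a plain substring search on the raw line misses; the bound on decoding rounds keeps a hostile input from turning the detector itself into a CPU sink.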
