{"id":"CVE-2024-10965","summary":"emqx neuron JSON File schema information disclosure","details":"A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The patch is named c9ce39747e0372aaa2157b2b56174914a12c06d8. It is recommended to apply a patch to fix this issue.","modified":"2026-05-23T23:11:01.380836Z","published":"2024-11-07T17:00:12.641Z","database_specific":{"cwe_ids":["CWE-200","CWE-284"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/10xxx/CVE-2024-10965.json","cna_assigner":"VulDB"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/10xxx/CVE-2024-10965.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10965"},{"type":"ADVISORY","url":"https://vuldb.com/?id.283411"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.435375"},{"type":"REPORT","url":"https://github.com/emqx/neuron/issues/2281"},{"type":"REPORT","url":"https://github.com/emqx/neuron/pull/2282"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.283411"},{"type":"FIX","url":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/emqx/neuron","events":[{"introduced":"0"},{"last_affected":"8a6a8b6cdb78026dfc2645ecf66a9562cad78717"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"2.10.0"}],"cpe":"cpe:2.3:a:emqx:neuron:*:*:*:*:*:*:*:*"}}],"versions":["2.10.0","2.10.0-beta5","2.10.0-beta4","2.10.0-beta3","2.10.0-beta2","2.10.0-beta1","2.10.0-alpha3","2.10.0-alpha2","2.10.0-alpha","2.6.0-beta2","2.6.0-beta1","2.4.0","2.3.0","2.2.0","2.1.1","2.1.0","2.0.1","2.0.0","2.0.0-rc.1","2.0.0-beta.2","2.0.0-beta.1","2.0.0-alpha.2","2.0.0-alpha.1.1","2.0.0-alpha.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10965.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/fengzeroz/neuron","events":[{"introduced":"0"},{"fixed":"c9ce39747e0372aaa2157b2b56174914a12c06d8"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v2.6-daily"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10965.json","vanir_signatures":[{"deprecated":false,"target":{"file":"include/neuron/msg.h"},"signature_type":"Line","id":"CVE-2024-10965-4fa5cedd","digest":{"threshold":0.9,"line_hashes":["33684469709633437339627117126835667340","236933878990794278888924163438896829567","192203366871279095940515826273868278062","198842624542433828732229331099570386516","184675773906610093660391980501615720447","26442505946733370848360558318526625557","234367081816295464890521769622431626607","222781491205694811223157008812765074750","328710702428939131638177251820225467200","219708099371438947958033222262234624291","242765905902417474196659976827603224509"]},"source":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8","signature_version":"v1"},{"deprecated":false,"target":{"file":"plugins/restful/normal_handle.c","function":"handle_get_plugin_schema"},"signature_type":"Function","id":"CVE-2024-10965-5c9928a2","digest":{"length":1443,"function_hash":"206272000381583335435558197513435832997"},"source":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8","signature_version":"v1"},{"deprecated":false,"target":{"file":"src/adapter/adapter.c","function":"adapter_command"},"signature_type":"Function","id":"CVE-2024-10965-607cecc2","digest":{"length":3039,"function_hash":"250637791044783902133163427259814451721"},"source":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8","signature_version":"v1"},{"deprecated":false,"target":{"file":"plugins/restful/normal_handle.h"},"signature_type":"Line","id":"CVE-2024-10965-6adf63f8","digest":{"threshold":0.9,"line_hashes":["331766669030876559672904407830622065925","328735776079764243982491709860052407073","144201143613463802743014191682613801865","199409858437523187706967669917076932943","290124177491304318134919065762183262451"]},"source":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8","signature_version":"v1"},{"deprecated":false,"target":{"file":"src/base/msg_internal.h"},"signature_type":"Line","id":"CVE-2024-10965-74a8dac8","digest":{"threshold":0.9,"line_hashes":["183488448230927358206521439169736062700","158925621955014402826797808694279982763","46599072083530774570296756770776765847","300361578666655515899659258611117748195","83971784927256436002831367941673891925","332812996985778051612729370143315507736","260214560146203154648124393235808031137","25205654491859607792041661079498997756"]},"source":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8","signature_version":"v1"},{"deprecated":false,"target":{"file":"plugins/restful/normal_handle.c"},"signature_type":"Line","id":"CVE-2024-10965-77c9a788","digest":{"threshold":0.9,"line_hashes":["186087883928190571639855483630084824668","162920762934721073698850834177841874594","127878302214932493482167415504937110561","96825551502228788124460138529812843207","114244463955053221723484703364437165959","72199324614251445042697018010400415514","242951509535770625754122545485654870136","83337083799070672410663937136230291021","53512466530943145200040323414228670998","148599505863091312980039212186417794432","9859460008669593597004361207586661671","133921878331275654997287719721893217539","336235063371392495270559944094004693218","43985615913597358792431788121923529628","106831827716323806008492049216669951243","319610081286320211339394559718037226013","74181806681845497024062793288420407052","139013771865270249395283190760618393440","324038395086061212504601158896064852418","112189129911661377181445995078407343234","328610609193708528918581261830182296710","219303615091271843934169236718977609992","105518995887063914193852247523788375281","208185461386069941609916253540833377878","101544351225101379689947465917451176692","141549925307396892168228798997366442916","86590235573444371977146626260573219636","74181806681845497024062793288420407052","139013771865270249395283190760618393440","320029698851387778440630652203986733480","64619871641153154474813383312665447019","161370817070060231496082327709935244589","319120693856268343191434500283342317023","326462110965240730879651994617822946656","110001607042511068763207975409097298627","27812336291194601281133598339733858907","76159388609106758571599920996102820758","86590235573444371977146626260573219636","74181806681845497024062793288420407052","139013771865270249395283190760618393440","320029698851387778440630652203986733480","64619871641153154474813383312665447019","161370817070060231496082327709935244589","166230679588605732246869605467943110011","321103678879536218326510509250387526320","77059927923299731759655332056245909582","134444778962908547429236687415097252909","129347526216547332336197573931797019505","251867506143450941369483433405625286243","266867621887417801745127264588219012526","283732691437993456845483624241946207402","26509591823401231883054141734819867280","182957550152901195435672907494483908575","143705414201236816223189211730536016901"]},"source":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8","signature_version":"v1"},{"deprecated":false,"target":{"file":"src/base/msg_internal.h","function":"neu_msg_new"},"signature_type":"Function","id":"CVE-2024-10965-82e3d418","digest":{"length":965,"function_hash":"184075152562235265383511131754700075624"},"source":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8","signature_version":"v1"},{"deprecated":false,"target":{"file":"plugins/restful/rest.c","function":"dashb_plugin_request"},"signature_type":"Function","id":"CVE-2024-10965-9ef2dc08","digest":{"length":3997,"function_hash":"132307509866539276157837633071349446142"},"source":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8","signature_version":"v1"},{"deprecated":false,"target":{"file":"plugins/restful/rest.c"},"signature_type":"Line","id":"CVE-2024-10965-c3841bea","digest":{"threshold":0.9,"line_hashes":["254196138307685242315348790184544741226","4437879433522207270230736205595320919","89583120248530991767572213547118568481","22070864130972209409841764235078166049","172572521693954626916528770019528746116","256304452374704400735350413965060132603","5974052631257074529586262493364696278","53126356526030369048447122945456290272"]},"source":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8","signature_version":"v1"},{"deprecated":false,"target":{"file":"src/adapter/adapter.c","function":"adapter_loop"},"signature_type":"Function","id":"CVE-2024-10965-da4f44a0","digest":{"length":17015,"function_hash":"7088177272976857051376763031646212874"},"source":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8","signature_version":"v1"},{"deprecated":false,"target":{"file":"src/core/manager.c","function":"manager_loop"},"signature_type":"Function","id":"CVE-2024-10965-db2862d3","digest":{"length":30911,"function_hash":"228378087554208791427335845747282123787"},"source":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8","signature_version":"v1"},{"deprecated":false,"target":{"file":"src/core/plugin_manager.h"},"signature_type":"Line","id":"CVE-2024-10965-e5fe4e7f","digest":{"threshold":0.9,"line_hashes":["261325588127643394883878072992956164927"]},"source":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8","signature_version":"v1"},{"deprecated":false,"target":{"file":"src/adapter/adapter.c"},"signature_type":"Line","id":"CVE-2024-10965-ed841e3f","digest":{"threshold":0.9,"line_hashes":["17358983737281476449847183385251215169","314456207923949496471018362511140973936","204718051980332471680237224574764455770","224424715268410597974240626730970050003","257822021620127626921627211328101218007","73080824998716567453672862139449616723","297084382876264524492155605022542747831","261111592617548360548337768424341194748"]},"source":"https://github.com/fengzeroz/neuron/commit/c9ce39747e0372aaa2157b2b56174914a12c06d8","signature_version":"v1"}],"vanir_signatures_modified":"2026-05-23T23:11:01Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}]}