GCVE - cpe:2.3:a:nasa:ait_core:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nasa:ait_core:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Nasa (`53a37713-6109-50d8-8bfa-fbb4eca64abd`)
Product	Ait Core (`5dca20ca-5671-59c5-8ca4-6f597c19ac24`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/nasa-ammos/ait-core`	purl2cpe	2026-06-01 10:15:37.587415
`pkg:pypi/ait-core`	purl2cpe	2026-06-01 10:15:37.587417

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-35061`	vulnerable	2026-06-03 14:55:55.475921	Details available NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution. Published: 2024-05-21T00:00:00.000Z Updated: 2024-08-02T03:07:46.463Z Open on db.gcve.eu Reference links https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-qv6x-53jj-vw59 https://github.com/advisories/GHSA-jqff-8g2v-642h	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-35060`	vulnerable	2026-06-03 14:55:55.475468	Details available An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file. Published: 2024-05-21T00:00:00.000Z Updated: 2024-08-02T03:07:46.420Z Open on db.gcve.eu Reference links https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-45q4-h8rr-hgx2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-35059`	vulnerable	2026-06-03 14:55:55.474929	Details available An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands. Published: 2024-05-21T00:00:00.000Z Updated: 2024-08-02T03:07:46.788Z Open on db.gcve.eu Reference links https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-jqff-8g2v-642h	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-35058`	vulnerable	2026-06-03 14:55:55.474589	Details available An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string. Published: 2024-05-21T00:00:00.000Z Updated: 2024-08-02T03:07:46.359Z Open on db.gcve.eu Reference links https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-4gxj-5mmr-7pxq	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-35057`	vulnerable	2026-06-03 14:55:55.474228	Details available An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet. Published: 2024-05-21T00:00:00.000Z Updated: 2024-08-02T03:07:46.359Z Open on db.gcve.eu Reference links https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-jf28-v5f6-cvpr	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-35056`	vulnerable	2026-06-03 14:55:55.473637	Details available NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions. Published: 2024-05-21T00:00:00.000Z Updated: 2024-08-02T03:07:46.419Z Open on db.gcve.eu Reference links https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-gpgj-xrgw-8mx2	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.