# CVE-2024-56333

### Description

This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API. Potential consequences include unauthorized access to other users' environments and denial-of-service attacks.

### Remediation

| Patches by major version of the Onyxia Helm chart                                                                              |
| ------------------------------------------------------------------------------------------------------------------------------ |
| Versions 7 and below are no longer supported. Upgrade to a newer version to resolve this issue.                                |
| Version 8 is built on Onyxia API v2.x. To update, use Onyxia chart v8.27.16 and explicitly set the API tag to v2.8.2 or later. |
| Version 9 is built on Onyxia API v3.x. To update, use Onyxia chart v9.2.1 and explicitly set the API tag to v3.1.1 or later.   |
| Version 10 is built on Onyxia API v4.x. You can use Onyxia chart v10.4.0 or later.                                             |

### Details

For versions 8 and 9, you need to modify `values.yaml`:

{% code title="values-v9.yaml" %}

```yaml
  api:
    image:
      tag: "v3.1.1"
```

{% endcode %}

{% code title="values-v8.yaml" %}

```yaml
  api:
    image:
      tag: "v2.8.2"
```

{% endcode %}
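To audit existing deployments against the remediation table above, the following added example (not code from the Onyxia project) classifies a chart version and explicit `api.image.tag` pair. The names `FIXED`, `parse_version` and `check` are hypothetical, and the status strings are this example's own convention.

```python
import re

# Minimum fixed versions copied from the remediation table on this page:
# chart major -> (minimum chart version, minimum API tag, or None where the page gives none)
FIXED = {
    8: ((8, 27, 16), (2, 8, 2)),
    9: ((9, 2, 1), (3, 1, 1)),
    10: ((10, 4, 0), None),
}

def parse_version(text):
    """Turn 'v3.1.1' or '3.1.1' into (3, 1, 1); None for 'latest', '-rc1' tags, etc."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", (text or "").strip())
    return tuple(int(p) for p in m.groups()) if m else None

def check(chart_version, api_tag=None):
    """Return (status, reason); api_tag is the explicit api.image.tag, or None if unset."""
    chart = parse_version(chart_version)
    if chart is None:
        return "unknown", "chart version is not in x.y.z form"
    if chart[0] <= 7:
        return "unsupported", "chart versions 7 and below receive no patch"
    if chart[0] not in FIXED:
        return "unknown", "chart major version is not listed in the advisory"
    min_chart, min_api = FIXED[chart[0]]
    if chart < min_chart:
        return "not-patched", "chart is older than the fixed chart release"
    if min_api is None:
        return "patched", "chart meets the minimum listed for this major version"
    if api_tag is None:
        return "not-patched", "api.image.tag must be set explicitly on this chart line"
    api = parse_version(api_tag)
    if api is None:
        return "unknown", "API tag is not a plain version, so it cannot be compared"
    if api[0] != min_api[0]:
        return "unknown", "API tag is on a different major line than this chart is built on"
    if api < min_api:
        return "not-patched", "API tag is older than the fixed API release"
    return "patched", "chart and API tag meet the advisory minimums"

if __name__ == "__main__":
    # Constructed sample deployments: (chart version, explicit API tag or None)
    for chart, tag in [("8.27.16", "v2.8.2"), ("9.2.1", None), ("9.2.1", "latest"), ("10.4.0", None)]:
        print(chart, tag, check(chart, tag))
```

An `unknown` result means the pair cannot be compared against the table, for example a mutable tag such as `latest`, and should be resolved by pinning a plain version tag.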
