CVE & CISA-KEV Catalog

CVE-2024-8912

HIGH
7.5
CVSS v3
NVD

Description

An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: * Looker (Google Cloud core) was found to be vulnerable. This issue has already been mitigated and our investigation has found no signs of exploitation. * Looker (original) was not vulnerable to this issue. Customer-hosted Looker instances were found to be vulnerable and must be upgraded. This vulnerability has been patched in all supported versions of customer-hosted Looker, which are available on the Looker download page https://download.looker.com/ . For Looker customer-hosted instances, please update to the latest supported version of Looker as soon as possible. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page: * 23.12 -> 23.12.123+ * 23.18 -> 23.18.117+ * 24.0 -> 24.0.92+ * 24.6 -> 24.6.77+ * 24.8 -> 24.8.66+ * 24.10 -> 24.10.78+ * 24.12 -> 24.12.56+ * 24.14 -> 24.14.37+

How to fix

Remediation Available
cloud lookerNVD
Affected:>= 24.14, < 24.14.37Fixed in:24.14.37CVE-2024-8912derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploit Intelligence

0.19%probability of exploitation in 30 days
9thpercentile

Low risk: more likely to be exploited than 9% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-444 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2022-22536Critical10.098%KEV-
CVE-2025-61884High7.598%KEV + Ransom-
CVE-2020-9490High7.590%-Fix
CVE-2023-41265Critical9.685%KEV + Ransom-
CVE-2023-25690Critical9.884%-Fix
CVE-2022-32214Medium6.578%-Fix
Embed a live status badge for CVE-2024-8912
CVE-2024-8912 severity badge

Markdown

[![CVE-2024-8912](https://tridentstack.com/cve/badge/CVE-2024-8912.svg)](https://tridentstack.com/cve/CVE-2024-8912)

HTML

<a href="https://tridentstack.com/cve/CVE-2024-8912"><img src="https://tridentstack.com/cve/badge/CVE-2024-8912.svg" alt="CVE-2024-8912"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-07-30.