CVE-2023-0297

nvd nist nuclei

Published: Jan 14, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.

Affected (1)

Products: Pyload: Pyload

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pyload Pyload	Up to 0.4.20

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html

Source: security@huntr.dev

http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html

Source: security@huntr.dev

https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65

Source: security@huntr.dev

ExploitThird Party Advisory

http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.