CVE-2024-31839

MEDIUM4.8EPSS 84.6%

tiagorlampert CHAOS vulnerable to Cross Site Scripting

Published: 4/12/2024Modified: 5/10/2024

Also known as:GHSA-c5rv-hjjc-jv7mGO-2024-2721

Description

Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.

Affected packages (2)

Go/github.com/tiagorlampert/CHAOSfrom 0, <= 5.0.1
Go/github.com/tiagorlampert/CHAOSfrom 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.8	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-31839
PATCHhttps://github.com/tiagorlampert/CHAOS
WEBhttps://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents