CVE-2023-0297
CRITICAL9.8EPSS 93.4%Code Injection in pyload-ng
發布日:2023/1/14修改日:2024/2/16
描述
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
受影響套件(1)
- PyPI/pyload-ngfrom 0, < 0.5.0b3.dev31
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-0297
- WEBhttp://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html
- WEBhttp://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html
- WEBhttps://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d
- WEBhttps://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65