CVE-2024-53305
EPSS 0.37%Whoogle allows attackers to execute arbitrary code via supplying a crafted search query
發布日:2025/4/16修改日:2025/4/16
描述
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.
受影響套件(1)
- PyPI/whoogle-searchfrom 0, < 0.9.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-53305
- PATCHhttps://github.com/benbusby/whoogle-search
- WEBhttps://fern89.github.io/posts/whoogle-rce
- WEBhttps://gist.github.com/fern89/ca5fe76ad81b4bc363e7341e523a1651
- WEBhttps://github.com/benbusby/whoogle-search/commit/223f00c3c0533423114f99b30c561278bc0b42ba