Описание
Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script.
Ссылки
- Vendor Advisory
- Patch
- Vendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:karrigell:karrigell:2.0:*:*:*:*:*:*:*
cpe:2.3:a:karrigell:karrigell:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:karrigell:karrigell:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:karrigell:karrigell:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:karrigell:karrigell:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:karrigell:karrigell:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:karrigell:karrigell:2.0_beta:*:*:*:*:*:*:*
cpe:2.3:a:karrigell:karrigell:2.1:*:*:*:*:*:*:*
cpe:2.3:a:karrigell:karrigell:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:karrigell:karrigell:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:karrigell:karrigell:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:karrigell:karrigell:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:karrigell:karrigell:2.1.5:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.07061
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script.
EPSS
Процентиль: 91%
0.07061
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other