exploitDog

CVE-2018-8097

Опубликовано: 14 мар. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.

Ссылки

https://github.com/pyeve/eve/commit/f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98
Patch
Third Party Advisory
https://github.com/pyeve/eve/issues/1101
Third Party Advisory
https://github.com/pyeve/eve/commit/f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98
Patch
Third Party Advisory
https://github.com/pyeve/eve/issues/1101
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:python-eve:eve:*:*:*:*:*:*:*:*

Версия до 0.7.5 (исключая)

EPSS

Процентиль: 95%

0.19107

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-8jxq-75rw-fhj9

CVSS3: 9.8

github

больше 7 лет назад

Eve allows execution of arbitrary code

EPSS

Процентиль: 95%

0.19107

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94