CVE-2023-24107

Опубликовано: 22 фев. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.

Ссылки

https://github.com/jminh/hour_of_code_python_2015/
Product
https://github.com/jminh/hour_of_code_python_2015/issues/4
Exploit
Issue Tracking
https://mirrors.neusoft.edu.cn/pypi/web/simple/request/
Broken Link
https://github.com/jminh/hour_of_code_python_2015/
Product
https://github.com/jminh/hour_of_code_python_2015/issues/4
Exploit
Issue Tracking
https://mirrors.neusoft.edu.cn/pypi/web/simple/request/
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hour_of_code_python_2015_project:hour_of_code_python_2015:2015-12-11:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00156

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-94

Связанные уязвимости

GHSA-35p8-rgfh-rpw2