exploitDog

CVE-2023-27849

Опубликовано: 24 апр. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.

Ссылки

https://github.com/omnitaint/Vulnerability-Reports/blob/2211ea4712f24d20b7f223fb737910fdfb041edb/reports/rails-routes-to-json/report.md
Exploit
Third Party Advisory
https://www.npmjs.com/package/rails-routes-to-json
Broken Link
https://github.com/omnitaint/Vulnerability-Reports/blob/2211ea4712f24d20b7f223fb737910fdfb041edb/reports/rails-routes-to-json/report.md
Exploit
Third Party Advisory
https://www.npmjs.com/package/rails-routes-to-json
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rails-routes-to-json_project:rails-routes-to-json:1.0.0:*:*:*:*:node.js:*:*

EPSS

Процентиль: 89%

0.04942

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

CWE-77

Связанные уязвимости

GHSA-c727-w428-q3f5

CVSS3: 9.8

github

почти 3 года назад

rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.

EPSS

Процентиль: 89%

0.04942

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

CWE-77