exploitDog

CVE-2023-43364

Опубликовано: 12 дек. 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.

Ссылки

https://github.com/ArjunSharda/Searchor/commit/16016506f7bf92b0f21f51841d599126d6fcd15b
Patch
https://github.com/ArjunSharda/Searchor/pull/130
Issue Tracking
Patch
https://github.com/advisories/GHSA-66m2-493m-crh2
Vendor Advisory
https://github.com/nexis-nexis/Searchor-2.4.0-POC-Exploit-
Exploit
https://github.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection
Exploit
https://github.com/ArjunSharda/Searchor/commit/16016506f7bf92b0f21f51841d599126d6fcd15b
Patch
https://github.com/ArjunSharda/Searchor/pull/130
Issue Tracking
Patch
https://github.com/advisories/GHSA-66m2-493m-crh2
Vendor Advisory
https://github.com/nexis-nexis/Searchor-2.4.0-POC-Exploit-
Exploit
https://github.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:arjunsharda:searchor:*:*:*:*:*:*:*:*

Версия до 2.4.2 (исключая)

EPSS

Процентиль: 96%

0.29638

Средний

9.8 Critical

CVSS3

Дефекты

CWE-74

CWE-94

Связанные уязвимости

GHSA-66m2-493m-crh2

CVSS3: 9.8

github

больше 2 лет назад

Searchor CLI's Search vulnerable to Arbitrary Code using Eval

EPSS

Процентиль: 96%

0.29638

Средний

9.8 Critical

CVSS3

Дефекты

CWE-74

CWE-94