← back
CVE-2023-0297

Code Injection in pyload/pyload

CVSS 9.8 CRITICALEPSS 97.0%CWE-94
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
pyload · pyload/pyload
public PoCs found9
githubgithub.com/bAuh0lz/CVE-2023-0297_Pre-auth_RCE_in_pyLoad28githubgithub.com/Small-ears/CVE-2023-02972githubgithub.com/overgrowncarrot1/CVE-2023-02971githubgithub.com/btar1gan/exploit_CVE-2023-02970githubgithub.com/S4MY9/CVE-2023-02970githubgithub.com/hazeyez/CVE-2023-02970exploitdbwww.exploit-db.com/exploits/51532unverifiedcve_referencepacketstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.htmlhttp://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.htmlhttps://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782dhttps://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65