CVE-2023-0297

Code Injection in pyload/pyload

CVSS 9.8 CRITICALEPSS 97.0%CWE-94

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

pyload · pyload/pyload

PoCs públicas encontradas — 9

githubgithub.com/bAuh0lz/CVE-2023-0297_Pre-auth_RCE_in_pyLoad★ 28 githubgithub.com/Small-ears/CVE-2023-0297★ 2 githubgithub.com/overgrowncarrot1/CVE-2023-0297★ 1 githubgithub.com/btar1gan/exploit_CVE-2023-0297★ 0 githubgithub.com/S4MY9/CVE-2023-0297★ 0 githubgithub.com/hazeyez/CVE-2023-0297★ 0 exploitdbwww.exploit-db.com/exploits/51532no verificado cve_referencepacketstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.htmlno verificado cve_referencepacketstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.htmlno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65