← voltar
CVE-2024-28397

CVE-2024-28397

CVSS 5.3 MEDIUMEPSS 4.5%CWE-94
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Produtos afetados
n/a · n/a
PoCs públicas encontradas17
githubgithub.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape72githubgithub.com/naclapor/CVE-2024-2839712githubgithub.com/GhostOverflow/CVE-2024-28397-command-execution-poc5githubgithub.com/L1337Xi/CVE-2024-28397-Exploit-Automation2githubgithub.com/xeloxa/CVE-2024-28397-Js2Py-RCE-Exploit2githubgithub.com/s0m1s0ng/CVE-2024-28397-Reverse-Shell1githubgithub.com/releaseown/exploit-js2py1githubgithub.com/harutomo-jp/CVE-2024-28397-RCE1githubgithub.com/0xDTC/js2py-Sandbox-Escape-CVE-2024-28397-RCE0githubgithub.com/CYBER-WARRIOR-SEC/CVE-2024-28397-js2py-Sandbox-Escape0githubgithub.com/Naved124/CVE-2024-28397-js2py-Sandbox-Escape0githubgithub.com/ExtremeUday/Remote-Code-Execution-CVE-2024-28397-pyload-ng-js2py-0githubgithub.com/D3ltaFormation/CVE-2024-28397-Js2Py-RCE0githubgithub.com/vitaciminIPI/CVE-2024-28397-RCE0githubgithub.com/3z-p0wn/CVE-2024-28397-exploit0githubgithub.com/y0naldez/CVE-2024-28397-Js2Py-RCE0exploitdbwww.exploit-db.com/exploits/52532não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Marven11https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape