Lucene search

MitreCVE-2018-8097

HistoryMar 14, 2018 - 12:29 p.m.

CVE-2018-8097

2018-03-1412:29:00

CWE-94

mitre

web.nvd.nist.gov

cve-2018-8097

eve

pyeve

code injection

where parameter

security vulnerability

remote code execution

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.038

Percentile

91.9%

JSON

io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.

Affected configurations

Nvd

Node

python-eveeveRange<0.7.5

VendorProductVersionCPE
python-eveeve*cpe:2.3:a:python-eve:eve:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
python-eve	eve	*	cpe:2.3:a:python-eve:eve::::::::

References

github.com/pyeve/eve/commit/f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98

github.com/pyeve/eve/issues/1101

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.038

Percentile

91.9%

JSON

Related for CVE-2018-8097