Lucene search
GitHub Advisory DatabaseGHSA-P3J6-F45H-HW5FHistoryApr 12, 2024 - 6:33 a.m.
tiagorlampert CHAOS vulnerable to command injections
2024-04-1206:33:24
CWE-78
GitHub Advisory Database
github.com
5
vulnerability
chaos
command injections
remote attacker
arbitrary code
client_service.go
An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go
Affected configurations
Node
netflixchaos_monkeyRange<0.0.0-20220716132853-b47438d36e3ajenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/tiagorlampert/chaos | lt | 0.0.0-20220716132853-b47438d36e3a |
References
blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents
gist.github.com/slimwang/d1ec6645ba9012a551ea436679244496
github.com/advisories/GHSA-p3j6-f45h-hw5f
github.com/tiagorlampert/CHAOS/commit/1b451cf62582295b7225caf5a7b506f0bad56f6b
github.com/tiagorlampert/CHAOS/commit/24c9e109b5be34df7b2bce8368eae669c481ed5e
github.com/tiagorlampert/CHAOS/pull/95
nvd.nist.gov/vuln/detail/CVE-2024-30850
nvd.nist.gov/vuln/detail/CVE-2024-33434
Related
githubexploit
githubexploit
Exploit for CVE-2024-30850
2024-04-05 21:35:04
cve
cve
CVE-2024-30850
2024-04-12 06:15:06
cvelist
cvelist
CVE-2024-30850
2024-04-12 00:00:00
veracode
veracode
Code Injection
2024-04-15 06:08:03
nvd
nvd
CVE-2024-30850
2024-04-12 06:15:06
metasploit
metasploit
Chaos RAT XSS to RCE
2024-04-24 20:51:58
osv
osv
tiagorlampert CHAOS vulnerable to arbitrary code execution
2024-05-07 15:30:37
tiagorlampert CHAOS vulnerable to command injections
2024-04-12 06:33:24
Arbitrary code execution in github.com/tiagorlampert/CHAOS
2024-05-09 16:51:38
zdt
zdt
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit
2024-05-22 00:00:00
CHAOS RAT 5.0.1 Remote Command Execution Exploit
2024-04-11 00:00:00
packetstorm
packetstorm
CHAOS RAT 5.0.1 Remote Command Execution
2024-04-10 00:00:00
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
2024-05-21 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 05/23/2024
2024-05-23 20:30:25