Lucene search
GitHub Advisory DatabaseGHSA-XFJJ-F699-RC79HistoryMay 07, 2024 - 3:30 p.m.
tiagorlampert CHAOS vulnerable to arbitrary code execution
2024-05-0715:30:37
GitHub Advisory Database
github.com
14
tiagorlampert chaos
arbitrary code execution
remote attacker
unsafe concatenation
software
version 1b451cf62582295b7225caf5a7b506f0bad56f6b
version 24c9e109b5be34df7b2bce8368eae669c481ed5e
An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filtering.
Affected configurations
Node
netflixchaos_monkeyRange<0.0.0-20220716132853-b47438d36e3ajenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/tiagorlampert/chaos | lt | 0.0.0-20220716132853-b47438d36e3a |
References
gist.github.com/slimwang/d1ec6645ba9012a551ea436679244496
github.com/advisories/GHSA-xfjj-f699-rc79
github.com/tiagorlampert/CHAOS/commit/1b451cf62582295b7225caf5a7b506f0bad56f6b
github.com/tiagorlampert/CHAOS/commit/24c9e109b5be34df7b2bce8368eae669c481ed5e
github.com/tiagorlampert/CHAOS/commit/b47438d36e3ad746de8c009e644f6e5396703f25
github.com/tiagorlampert/CHAOS/pull/95
nvd.nist.gov/vuln/detail/CVE-2024-33434
Related
cve
cve
CVE-2024-33434
2024-05-07 14:15:10
cvelist
cvelist
CVE-2024-33434
2024-05-07 00:00:00
nvd
nvd
CVE-2024-33434
2024-05-07 14:15:10
veracode
veracode
Remote Code Execution (RCE)
2024-05-08 07:44:47
osv
osv
tiagorlampert CHAOS vulnerable to arbitrary code execution
2024-05-07 15:30:37
tiagorlampert CHAOS vulnerable to command injections
2024-04-12 06:33:24
Arbitrary code execution in github.com/tiagorlampert/CHAOS
2024-05-09 16:51:38