CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 37.2%
web2py web application framework contains an OS command injection vulnerability (CWE-78).
When web2py is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product.
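To check whether a deployment meets the non-default precondition above, the following added example (not code from web2py or from this advisory) inspects a logging configuration for an active notifySendHandler. It assumes the configuration uses the Python logging fileConfig INI layout; the sample files and the handler class value are constructed for illustration.

```python
import configparser

NEEDLE = "notifysendhandler"  # handler name from the advisory, matched case-insensitively

# Constructed samples in logging fileConfig (INI) layout; the class value is an assumption.
ENABLED = """
[loggers]
keys=root
[handlers]
keys=consoleHandler,notifySendHandler
[logger_root]
level=WARNING
handlers=consoleHandler,notifySendHandler
[handler_consoleHandler]
class=StreamHandler
args=(sys.stdout,)
[handler_notifySendHandler]
class=handlers.NotifySendHandler
args=()
"""
# Same file with the handler section still defined but neither activated nor attached.
DISABLED = ENABLED.replace("keys=consoleHandler,notifySendHandler",
                           "keys=consoleHandler\n#keys=consoleHandler,notifySendHandler")
DISABLED = DISABLED.replace("handlers=consoleHandler,notifySendHandler",
                            "handlers=consoleHandler")

def _names(value):
    return [n.strip() for n in value.split(",") if n.strip()]

def risky_handlers(conf_text):
    """Return {handler: [loggers routed to it]} for active handlers matching NEEDLE."""
    cp = configparser.ConfigParser(interpolation=None)  # format strings may contain %(...)s
    cp.read_string(conf_text)
    found = {}
    # Only handlers listed under [handlers] keys are instantiated by fileConfig.
    for handler in _names(cp.get("handlers", "keys", fallback="")):
        cls = cp.get("handler_" + handler, "class", fallback="")
        if NEEDLE in handler.lower() or NEEDLE in cls.lower():
            found[handler] = []
    # Record which loggers actually send records to a matching handler.
    for logger in _names(cp.get("loggers", "keys", fallback="")):
        for handler in _names(cp.get("logger_" + logger, "handlers", fallback="")):
            if handler in found:
                found[handler].append(logger)
    return found

if __name__ == "__main__":
    for label, text in (("enabled", ENABLED), ("disabled", DISABLED)):
        print(label, risky_handlers(text))
```

A non-empty result means the configuration matches the affected setup and the update below should be prioritized; an empty result means the handler is defined at most as an unused section.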
Update the Software
Update the software to the latest version according to the information provided by the developer.