Lucene search
HistoryDec 12, 2023 - 6:15 p.m.
CVE-2023-43364
searchor main.py eval input
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
43.0%
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.
Affected configurations
Node
arjunshardasearchorRange<2.4.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| arjunsharda | searchor | * | cpe:2.3:a:arjunsharda:searchor:*:*:*:*:*:*:*:* |
Related
github
github
Searchor CLI's Search vulnerable to Arbitrary Code using Eval
2023-09-25 18:37:51
prion
prion
Remote code execution
2023-12-12 18:15:00
cve
cve
CVE-2023-43364
2023-12-12 18:15:22
veracode
veracode
Arbitrary Code Execution
2023-09-27 06:20:34
osv
osv
CVE-2023-43364
2023-12-12 18:15:22
Searchor CLI's Search vulnerable to Arbitrary Code using Eval
2023-09-25 18:37:51
cvelist
cvelist
CVE-2023-43364
2023-12-12 00:00:00
githubexploit
githubexploit
Exploit for Injection in Arjunsharda Searchor
2024-04-26 03:09:09
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
43.0%
Related for NVD:CVE-2023-43364