Lucene search

K
nvd[email protected]NVD:CVE-2024-23731
HistoryJan 21, 2024 - 5:15 p.m.

CVE-2024-23731

2024-01-2117:15:44
CWE-88
web.nvd.nist.gov
2
openapi
loader
embedchain
vulnerability
code execution
yaml load

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

48.9%

The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument.

Affected configurations

Nvd
Node
embedchainembedchainRange<0.1.57
VendorProductVersionCPE
embedchainembedchain*cpe:2.3:a:embedchain:embedchain:*:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

48.9%

Related for NVD:CVE-2024-23731