Lucene search

CVE-2023-43364

🗓️ 12 Dec 2023 18:22:15Reported by GoogleType

osv🔗 osv.dev👁 18 Views

main.py in Searchor before 2.4.2 uses eval on CLI input, allowing unexpected code execution

Reporter	Title	Published	Views	Family All 9
Cvelist	CVE-2023-43364	12 Dec 202300:00	–	cvelist
OSV	Searchor CLI's Search vulnerable to Arbitrary Code using Eval	25 Sep 202318:37	–	osv
GithubExploit	Exploit for Injection in Arjunsharda Searchor	26 Apr 202403:09	–	githubexploit
Vulnrichment	CVE-2023-43364	12 Dec 202300:00	–	vulnrichment
Prion	Remote code execution	12 Dec 202318:15	–	prion
Veracode	Arbitrary Code Execution	27 Sep 202306:20	–	veracode
CVE	CVE-2023-43364	12 Dec 202318:15	–	cve
Github Security Blog	Searchor CLI's Search vulnerable to Arbitrary Code using Eval	25 Sep 202318:37	–	github
NVD	CVE-2023-43364	12 Dec 202318:15	–	nvd

Source	Link
github	www.github.com/advisories/GHSA-66m2-493m-crh2
github	www.github.com/nexis-nexis/Searchor-2.4.0-POC-Exploit-
github	www.github.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection
github	www.github.com/ArjunSharda/Searchor/commit/16016506f7bf92b0f21f51841d599126d6fcd15b
github	www.github.com/ArjunSharda/Searchor/pull/130

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Dec 2023 18:15Current

7.3High risk

Vulners AI Score7.3

CVSS39.8

EPSS0.004

SSVC