CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
43.0%
An issue in Arjun Sharda’s Searchor before version v.2.4.2 allows an attacker to
execute arbitrary code via a crafted script to the eval() function in Searchor’s src/searchor/main.py file, affecting the search feature in Searchor’s CLI (Command Line Interface).
Versions equal to, or below 2.4.1 are affected.
Versions above, or equal to 2.4.2 have patched the vulnerability.
https://github.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection
https://github.com/nexis-nexis/Searchor-2.4.0-POC-Exploit-
https://github.com/jonnyzar/POC-Searchor-2.4.2
https://github.com/ArjunSharda/Searchor/pull/130
github.com/advisories/GHSA-66m2-493m-crh2
github.com/ArjunSharda/Searchor
github.com/ArjunSharda/Searchor/commit/16016506f7bf92b0f21f51841d599126d6fcd15b
github.com/ArjunSharda/Searchor/pull/130
github.com/ArjunSharda/Searchor/security/advisories/GHSA-66m2-493m-crh2
github.com/nexis-nexis/Searchor-2.4.0-POC-Exploit-
github.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection
nvd.nist.gov/vuln/detail/CVE-2023-43364