GoogleOSV:GHSA-66M2-493M-CRH2Searchor CLI's Search vulnerable to Arbitrary Code using Eval
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
43.0%
An issue in Arjun Sharda’s Searchor before version v.2.4.2 allows an attacker to
execute arbitrary code via a crafted script to the eval() function in Searchor’s src/searchor/main.py file, affecting the search feature in Searchor’s CLI (Command Line Interface).
Impact
Versions equal to, or below 2.4.1 are affected.
Patches
Versions above, or equal to 2.4.2 have patched the vulnerability.
References
https://github.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection
https://github.com/nexis-nexis/Searchor-2.4.0-POC-Exploit-
https://github.com/jonnyzar/POC-Searchor-2.4.2
https://github.com/ArjunSharda/Searchor/pull/130
References
github.com/advisories/GHSA-66m2-493m-crh2
github.com/ArjunSharda/Searchor
github.com/ArjunSharda/Searchor/commit/16016506f7bf92b0f21f51841d599126d6fcd15b
github.com/ArjunSharda/Searchor/pull/130
github.com/ArjunSharda/Searchor/security/advisories/GHSA-66m2-493m-crh2
github.com/nexis-nexis/Searchor-2.4.0-POC-Exploit-
github.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection
nvd.nist.gov/vuln/detail/CVE-2023-43364
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
43.0%