Lucene search
GoogleOSV:GHSA-XFJJ-F699-RC79HistoryMay 07, 2024 - 3:30 p.m.
tiagorlampert CHAOS vulnerable to arbitrary code execution
2024-05-0715:30:37
Google
osv.dev
2
tiagorlampert chaos
vulnerability
arbitrary code execution
unsafe concatenation
filename argument
software
An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filtering.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/tiagorlampert/chaos | lt | 0.0.0-20220716132853-b47438d36e3a |
References
gist.github.com/slimwang/d1ec6645ba9012a551ea436679244496
github.com/tiagorlampert/CHAOS
github.com/tiagorlampert/CHAOS/commit/1b451cf62582295b7225caf5a7b506f0bad56f6b
github.com/tiagorlampert/CHAOS/commit/24c9e109b5be34df7b2bce8368eae669c481ed5e
github.com/tiagorlampert/CHAOS/commit/b47438d36e3ad746de8c009e644f6e5396703f25
github.com/tiagorlampert/CHAOS/pull/95
nvd.nist.gov/vuln/detail/CVE-2024-33434
Related
osv
osv
tiagorlampert CHAOS vulnerable to command injections
2024-04-12 06:33:24
Arbitrary code execution in github.com/tiagorlampert/CHAOS
2024-05-09 16:51:38
cve
cve
CVE-2024-33434
2024-05-07 14:15:10
CVE-2024-30850
2024-04-12 06:15:06
cvelist
cvelist
CVE-2024-33434
2024-05-07 00:00:00
CVE-2024-30850
2024-04-12 00:00:00
github
github
tiagorlampert CHAOS vulnerable to arbitrary code execution
2024-05-07 15:30:37
tiagorlampert CHAOS vulnerable to command injections
2024-04-12 06:33:24
githubexploit
githubexploit
Exploit for CVE-2024-30850
2024-04-05 21:35:04
nvd
nvd
CVE-2024-33434
2024-05-07 14:15:10
CVE-2024-30850
2024-04-12 06:15:06
veracode
veracode
Remote Code Execution (RCE)
2024-05-08 07:44:47
Code Injection
2024-04-15 06:08:03
metasploit
metasploit
Chaos RAT XSS to RCE
2024-04-24 20:51:58
zdt
zdt
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit
2024-05-22 00:00:00
CHAOS RAT 5.0.1 Remote Command Execution Exploit
2024-04-11 00:00:00
packetstorm
packetstorm
CHAOS RAT 5.0.1 Remote Command Execution
2024-04-10 00:00:00
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
2024-05-21 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 05/23/2024
2024-05-23 20:30:25