Chaosblade < 1.7.4 - Remote Code Execution

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication. id: CVE-2023-47105 info: name: Chaosblade 1.7.4 - Remote Code Execution author: s4e-io severity: high description: | exec.CommandContext in...

VulnCheck KEV: CVE-2023-47105

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

CVE-2023-47105

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

GO-2024-3133 Chaosblade vulnerable to OS command execution in github.com/chaosblade-io/chaosblade

Chaosblade vulnerable to OS command execution in github.com/chaosblade-io/chaosblade...

OS Command Execution

github.com/chaosblade-io/chaosblade is vulnerable to OS Command Execution. The vulnerability is due to the lack of authentication when using the cmd parameter in the exec.CommandContext function in server mode. It allows an attacker to execute arbitrary OS commands on the server without...

Chaosblade vulnerable to OS command execution

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

GHSA-723H-X37G-F8QM Chaosblade vulnerable to OS command execution

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

CVE-2023-47105

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

CVE-2023-47105

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

CVE-2023-47105

Chaosblade (github.com/chaosblade-io/chaosblade) versions 0.3–1.7.3 are vulnerable when running in server mode: unauthenticated command execution is possible via the cmd parameter in exec.CommandContext. The flaw allows remote command execution against the Chaosblade HTTP service with server mode...

Chaosblade 安全漏洞

Chaosblade is an open source experimental injection tool from ChaosBlade Open Source. A security vulnerability exists in Chaosblade versions 0.3 through 1.7.3, which stems from allowing the execution of operating system commands via the cmd parameter without authentication when using server mode...

CVE-2023-47105

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

PT-2024-13406 · Unknown · Chaosblade

Name of the Vulnerable Software and Affected Versions: Chaosblade versions 0.3 through 1.7.3 Description: The issue allows OS command execution via the cmd parameter without authentication when server mode is used. This is related to the exec.CommandContext in Chaosblade. Recommendations: For...

CVE-2023-47105

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...