51 matches found
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
CVE-2024-28397 is a sandbox escape in js2py. use exploit/linux/http/pyload_js2py_cve_2024_39205 msf exploit(pyload_js2py_cve_2024_39205) > show targets ...targets... msf exploit(pyload_js2py_cve_2024_39205) > set TARGET msf exploit(pyload_js2py_cve_2024_39205) > show options ...show and set options... msf...
pyload-ng vulnerable to RCE with js2py sandbox escape
Summary: Any pyload-ng instance running under Python 3.11 or below is vulnerable to RCE. An attacker can send a request containing any shell command and the victim server will execute it immediately. Details: js2py has a sandbox escape vulnerability, assigned CVE-2024-28397, which is used by the...
GHSA-R9PP-R4XF-597R pyload-ng vulnerable to RCE with js2py sandbox escape
Summary: Any pyload-ng instance running under Python 3.11 or below is vulnerable to RCE. An attacker can send a request containing any shell command and the victim server will execute it immediately. Details: js2py has a sandbox escape vulnerability, assigned CVE-2024-28397, which is used by the...
openSUSE Security Advisory (SUSE-SU-2024:2272-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
Mageia: Security Advisory (MGASA-2024-0256)
The remote host is missing an update for the...
Updated python-js2py packages fix security vulnerability
CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code...
MGASA-2024-0256 Updated python-js2py packages fix security vulnerability
CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code...
openSUSE 15 Security Update : python-Js2Py (SUSE-SU-2024:2272-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2272-1 advisory. - CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code (bsc#1226660). Tenable has extracted the preceding description block directly...
SUSE-SU-2024:2272-1 Security update for python-Js2Py
This update for python-Js2Py fixes the following issues: - CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code (bsc#1226660)...
OPENSUSE-SU-2024:14086-1 python310-Js2Py-0.74-3.1 on GA media
These are all security issues fixed in the python310-Js2Py-0.74-3.1 package on the GA media of openSUSE Tumbleweed...
Js2Py Code Execution Vulnerability
Js2Py is a library from the Python Foundation. It is used to convert JavaScript to Python code. A code execution vulnerability exists in Js2Py version 0.74 and earlier, which can be exploited by an attacker to execute arbitrary code via a crafted API call...
Remote Code Execution (RCE)
js2py is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the js2py.disable_pyimport() function failing to prevent a JS sandbox escape, which allows an attacker to send crafted API calls that result in arbitrary code execution...
Exploit for CVE-2024-28397
Introduction: js2py is a popular Python...
acfunsdk (=0.8.3), aiocfscrape (=0.0.6) +9 more potentially affected by CVE-2024-28397 via js2py (>=0.50.0 <=0.71.0)
js2py PYPI version =0.50.0, =0.0.20, =0.0.2, =2.4.2, =6.0.1, =0.0.7, =3.0.1, =2021.4.5.post1, =2022.2.20 Source cves: CVE-2024-28397 Source advisory: OSV:GHSA-H95X-26F3-88HR...
js2py allows remote code execution
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...
GHSA-H95X-26F3-88HR js2py allows remote code execution
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...
CVE-2024-28397
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...
CVE-2024-28397
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...
UBUNTU-CVE-2024-28397
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...
CVE-2024-28397
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...