CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

51 matches found

CNNVD•added 2024/06/20 12:0 a.m.•1 views

Js2Py 安全漏洞

Js2Py is a library from the Python Foundation. It is used to convert JavaScript to Python code. A code execution vulnerability exists in Js2Py version 0.74 and earlier, which can be exploited by an attacker to execute arbitrary code via a crafted API call...

5.3CVSS8AI score0.59353EPSS

Exploits22References5

Vulnrichment•added 2024/06/20 12:0 a.m.•14 views

CVE-2024-28397

An issue in the component js2py.disablepyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...

7.6AI score0.59353EPSS

Exploits22References2

CVE•added 2024/06/20 12:0 a.m.•427 views

CVE-2024-28397

CVE-2024-28397 affects the Python js2py library (versions up to 0.74). The vulnerability enables a sandbox escape and remote code execution by abusing Python object introspection from JavaScript. Attackers can obtain a PyObjectWrapper via Object.getOwnPropertyNames({}) and then traverse to Python...

5.3CVSS7.7AI score0.59353EPSS

Exploits22References2

Cvelist•added 2024/06/20 12:0 a.m.•23 views

CVE-2024-28397

An issue in the component js2py.disablepyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...

0.59353EPSS

Exploits22References2

GithubExploit•added 2024/06/19 1:46 a.m.•889 views

Exploit for CVE-2024-28397

Introduction 中文 Analysis Chinese./an...

5.3CVSS6.9AI score0.59353EPSS

Exploits22

Positive Technologies•added 2024/02/28 12:0 a.m.•2 views

PT-2024-4746

Name of the Vulnerable Software and Affected Versions js2py versions prior to 0.74 python-Js2Py versions prior to 0.74-3.1 openSUSE Tumbleweed pyload-ng versions less than or equal to 0.5.0b3.dev85 when used with Python 3.11 or below Description A sandbox escape issue exists in the js2py.disable...

9.8CVSS7.5AI score0.83924EPSS

Exploits22References56

0day.today•added 2023/02/27 12:0 a.m.•670 views

pyLoad js2py Python Execution Exploit

pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default...

9.8CVSS9.8AI score0.9294EPSS

Exploits13

Metasploit•added 2023/02/22 7:52 p.m.•741 views

pyLoad js2py Python Execution

9.8CVSS9.7AI score0.9294EPSS

Exploits13

Packet Storm•added 2023/02/22 12:0 a.m.•372 views

pyLoad js2py Python Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'pyLoad js2py Python Execution', 'Description' = %q pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code...

9.8CVSS9.6AI score0.9294EPSS

Exploits13

GithubExploit•added 2023/02/15 6:28 a.m.•1085 views

Exploit for Code Injection in Pyload

pyloadCVE-2023-0297poc A code injection vulnerability...

9.8CVSS9.6AI score0.9294EPSS

Exploits13

Positive Technologies•added 2023/01/14 12:0 a.m.•3 views

PT-2023-16152 · Pypi +1 · Js2Py +1

Name of the Vulnerable Software and Affected Versions: pyload/pyload versions prior to 0.5.0b3.dev31 Description: The issue concerns a code injection vulnerability in the pyload/pyload GitHub repository. It allows for pre-authentication remote code execution RCE due to the integration of JavaScri...

9.8CVSS9.6AI score0.9294EPSS

Exploits13References19

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by