11 matches found
Exploit for Command Injection in Materialsvirtuallab Pymatgen
CVE-2024-23346-exploit This is a exploit for the known Remote...
📄 Pymatgen 2024.1 Remote Code Execution
Pymatgen version 2024.1 suffers from a remote code execution vulnerability. Exploit Title : Pymatgen 2024.1 - Remote Code Execution RCE Google Dork : not applicable Date : 2024-11-13 Exploit Author : Mohammed Idrees Banyamer Vendor Homepage : https ://pymatgen.org Software Link : https ://pypi.or...
Pymatgen 2024.1 - Remote Code Execution (RCE)
Exploit Title : Pymatgen 2024.1 - Remote Code Execution RCE Google Dork : not applicable Date : 2024-11-13 Exploit Author : Mohammed Idrees Banyamer Vendor Homepage : https ://pymatgen.org Software Link : https ://pypi.org /project /pymatgen/ Version : 2024.1 Tested on : Kali Linux 2024.1 CVE :...
Exploit for Command Injection in Materialsvirtuallab Pymatgen
A Rust exploitation script for CVE-2024-23346. As shown below t...
Exploit for Command Injection in Materialsvirtuallab Pymatgen
CVE-2024-23346 This PoC is based on the report/findings of Wil...
Exploit for Command Injection in Materialsvirtuallab Pymatgen
!imagehttps://github.com/user-attac...
Debian dsa-5763 : python-pymatgen-doc - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5763 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5763-1 [email protected] https://www.debian.org/security/ Moritz...
abics (=2.1.0), abinitostudio (>=1.0.1 <=1.0.8) +93 more potentially affected by CVE-2024-23346 via pymatgen (>=2017.7.4 <=2024.11.13)
pymatgen PYPI version =2017.7.4, =1.0.1, =0.3.0, =0.2.0, =0.3.0, =2.0.0, =0.1.0, =1.1.4, =1.5.0, =1.1.2, =0.5.0, =0.3.0, =1.0.0a1, =3.0.0, =3.5.2 and more Source cves: CVE-2024-23346 Source advisory: OSV:GHSA-VGV8-5CPJ-QJ2F...
abics (=2.1.0), abinitostudio (>=1.0.1 <=1.0.8) +93 more potentially affected by CVE-2024-23346 via pymatgen (>=2017.7.4 <=2024.11.13)
pymatgen PYPI version =2017.7.4, =1.0.1, =0.3.0, =0.2.0, =0.3.0, =2.0.0, =0.1.0, =1.1.4, =1.5.0, =1.1.2, =0.5.0, =0.3.0, =1.0.0a1, =3.0.0, =3.5.2 and more Source cves: CVE-2024-23346 Source advisory: OSV:PYSEC-2024-226...
CVE-2024-23346
CVE-2024-23346 affects pymatgen: the JonesFaithfulTransformation.from_transformation_str() method insecurely uses eval() on untrusted input, enabling arbitrary code execution during CIF parsing. This is tied to a vulnerability in the CIF parser path and is documented as a critical issue with a fi...
CVE-2024-23346
creationtimestamp| type| source ---|---|--- 2024-02-21 15:45:42+00:00| published-proof-of-concept| https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f 2024-02-21 18:31:23+00:00| seen| https://t.me/ctinow/189897 2024-02-21 18:36:14+00:00| seen|...