
6 matches found

Packet Storm
• added 2025/12/18 12:0 a.m. • 163 views

js2py 0.74 Automated Sandbox Escape / Code Execution

js2py version 0.74 automated sandbox escape and remote code execution exploit with a reverse shell. Title: js2py v0.74 Automated Sandbox Escape & Revers...

CVSS 5.3 | AI score 8.3 | EPSS 0.04548
Exploits: 22
Tenable Nessus
• added 2025/09/02 12:0 a.m. • 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-28397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue in the component js2py.disable_pyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. CVE-2024-28397 Note that...

CVSS 5.3 | AI score 7 | EPSS 0.04548
Exploits: 22 | References: 2
GithubExploit
• added 2025/08/17 4:0 a.m. • 935 views

Exploit for CVE-2024-28397

CVE-2024-28397-command-execution-poc This vulnerability arises...

CVSS 5.3 | AI score 7.2 | EPSS 0.04548
Exploits: 22
BDU FSTEC
• added 2024/07/15 12:0 a.m. • 5 views

The vulnerability of the js2py.disable_pyimport() function in the js2py library allows a hacker to bypass the sandbox protection and execute arbitrary code.

The vulnerability of the js2py.disable_pyimport function in the js2py library is related to improper code generation management. Exploiting this vulnerability could allow a remote attacker to bypass the sandbox's security mechanisms and execute arbitrary code by sending specially crafted API calls...

CVSS 10 | AI score 7.2 | EPSS 0.04548
Exploits: 22 | References: 9 | Affected Software: 2
Veracode
• added 2024/06/21 7:1 a.m. • 24 views

Remote Code Execution (RCE)

js2py is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the js2py.disable_pyimport function failing to prevent JS sandbox escape, which allows an attacker to send crafted API calls that result in arbitrary code execution...

CVSS 5.3 | AI score 7.7 | EPSS 0.04548
Exploits: 22 | References: 4 | Affected Software: 1
OSV
• added 2024/06/20 5:15 p.m. • 3 views

UBUNTU-CVE-2024-28397

An issue in the component js2py.disable_pyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...

CVSS 5.3 | AI score 6.1 | EPSS 0.04548
Exploits: 22 | References: 4