2490 matches found
GHSA-MPCW-3J5P-P99X Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE)
Summary Usage of the Butterfly.prototype.parseJSON or getJSON functions on an attacker-controlled crafted input string allows the attacker to execute arbitrary JavaScript code on the server. Since Butterfly JavaScript code has access to Java classes, it can run arbitrary programs. Details The...
PT-2024-40377 · Butterfly · Butterfly
Name of the Vulnerable Software and Affected Versions: Butterfly affected versions not specified Description: The issue allows an attacker to execute arbitrary JavaScript code on the server by using the Butterfly.prototype.parseJSON or getJSON functions on an attacker-controlled crafted input...
CVE-2024-45736
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGESTEVAL"...
Exploit for Code Injection in Geoserver
CVE-2024-36401 This is a program for checking vulnerabilities...
PT-2024-7417 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.1 Splunk Enterprise versions prior to 9.2.3 Splunk Enterprise versions prior to 9.1.6 Splunk Cloud Platform versions prior to 9.2.2403.107 Splunk Cloud Platform versions prior to 9.1.2312.204 Splunk Clo...
Malicious code in express-eval (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0b11cc6d66b7e74be79f7522107db232ad1ead6c66b04f0cc4a564705f5756b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9053 Malicious code in express-eval (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0b11cc6d66b7e74be79f7522107db232ad1ead6c66b04f0cc4a564705f5756b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues allows a hacker to execute arbitrary code.
The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted INSERT query...
The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues allows a hacker to execute arbitrary code.
The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted INSERT query...
The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues allows a hacker to execute arbitrary code.
The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted INSERT query...
The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues allows a hacker to execute arbitrary code.
The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted “SELECT WHERE” query...
Eval Injection
LangChain Experimental is vulnerable to Eval Injection. The vulnerability is due to the use of sympy.sympify which relies on eval in the LLMSymbolicMathChain, allowing attackers to execute arbitrary code in versions 0.1.17 through 0.3.0...
Eval Injection
guardrails-ai is vulnerable to Eval Injection. The vulnerability is due to improper validation in the parsetoken method of the ValidatorsAttr class in the guardrails/guardrails/validatorsattr.py file. An attacker can execute arbitrary code on the user's machine by loading a maliciously crafted XM...
LangChain Experimental Eval Injection vulnerability
langchainexperimental aka LangChain Experimental 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 2023-10-05...
GHSA-P2QJ-R53J-H3XJ LangChain Experimental Eval Injection vulnerability
langchainexperimental aka LangChain Experimental 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 2023-10-05...
Guardrails has an arbitrary code execution vulnerability
An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing i...
CVE-2024-45858
An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing i...
CVE-2024-45858
An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing i...
CVE-2024-45858
An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing i...
CVE-2024-45858
CVE-2024-45858 affects Guardrails AI Guardrails framework versions 0.2.9–0.5.10. The root cause is improper validation of XML files, where loading a malicious XML containing Python code causes the code to be passed to eval and executed on the user’s machine. The vulnerability enables arbitrary co...