6 matches found
EUVD-2023-0182
Malicious code in bioql PyPI...
CVE-2023-41047
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...
Improper Sanitization
OctoPrint is vulnerable to Improper Sanitization. The vulnerability is due to the RelEnvironment class in init.py, which allows the execution of arbitrary code within the GCODE script feature. This lack of restriction could allow a malicious admin to configure a specially crafted GCODE script through...
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
Impact: OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script through the Settings that will allow code execution during rendering of that script. An attacker might use this to extract data managed by...
Code injection
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...
PT-2023-6631 · Octoprint · Octoprint
Name of the Vulnerable Software and Affected Versions: OctoPrint versions up to and including 1.9.2
Description: The issue allows malicious administrators to configure a specially crafted GCODE script, enabling code execution during the rendering of that script. This could be used to extract or...