PT-2024-20056 · Metagpt · Metagpt

Name of the Vulnerable Software and Affected Versions: MetaGPT versions 0.6.4 and earlier Description: The issue allows the QaEngineer role to execute arbitrary code because RunCode.run script passes shell metacharacters to subprocess.Popen. This enables potential exploitation, but specific detai...

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput...

Command injection

reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput...

CVE-2023-6507

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...

AZL-35143 CVE-2023-6507 affecting package python3 for versions less than 3.12.3-1

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...

CVE-2023-6507

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...

Design/Logic Flaw

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...

CVE-2023-6507

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...

UBUNTU-CVE-2023-6507

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...

CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...

CVE-2023-6507

Affects CPython 3.12.0 on POSIX via the subprocess module. When using extra_groups=[], the code regressed to not calling setgroups(0, NULL) before exec(), so original process groups aren’t dropped before starting the new process. The issue only impacts privileged CPython processes (typically root...

PSF-2023-12 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...

CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...

PSF-CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...

PT-2023-9621 · Python +2 · Cpython +2

Name of the Vulnerable Software and Affected Versions: CPython version 3.12.0 Description: The issue is related to errors in privilege management in the subprocess module of the CPython interpreter. When using the extra groups= parameter with an empty list as a value, the logic regressed to not...

CVE-2023-40581

yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...

CVE-2023-40581 yt-dlp command injection when using `%q` in `--exec` on Windows

yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...

GHSA-FWJ4-72FM-C93G Under-validated ComSpec and cmd.exe resolution in Mutagen projects

Impact Mutagen projects offer shell-based execution functionality. On Windows, the shell is resolved using the standard %ComSpec% mechanism, with a fallback to a %PATH%-based search for cmd.exe. While this is the standard practice on Windows systems, it presents somewhat risky behavior. Firstly,...

Command Shell, Reverse SCTP (via python)

Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/python/shellreversesctp msf payloadshellreversesctp show actions ...actions... msf payloadshellreversesctp set ACTION msf payloadshellreversesctp show...

Dompdf 1.2.1 Remote Code Execution

!/usr/bin/python3 Exploit Title: Dompdf 1.2.1 - Remote Code Execution RCE Date: 16 February 2023 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://dompdf.github.io/ Software Link: https://github.com/dompdf/dompdf Version: 1.2.1 Tested on: Kali linux CVE : CVE-2022-28368 Gith...