Veracode Vulnerability Database: VERACODE:38951
Jan 21, 2023 - 8:47 a.m.

Remote Code Execution (RCE)

2023-01-21 08:47:34
sca.analysiscenter.veracode.com
remote code execution
github dependency
vulnerability
malicious code
software

EPSS: 0.001 (percentile: 31.8%)

github.com/bits-and-blooms/bloom is vulnerable to Remote Code Execution (RCE). The library depends on another library but references it by an old URL (github.com/GoASTScanner/gas), which leads to dependency confusion. An attacker can register the old GitHub username and upload malicious code to the old repository namespace, which allows a remote attacker to execute malicious code.
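
A defender-side check for the stale path described above, as an added example (not code from Veracode or the bloom project): it scans go.mod text for require entries under github.com/GoASTScanner/gas. The sample go.mod, its placeholder versions and the names FindStale and Finding are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is a require entry whose module path falls under a stale namespace.
type Finding struct {
	Line          int
	Path, Version string
	Indirect      bool
}

// sampleGoMod is constructed for this example; the versions are placeholders.
const sampleGoMod = `module example.com/app
require (
	github.com/bits-and-blooms/bloom v0.0.0-placeholder
	github.com/GoASTScanner/gas v0.0.0-placeholder // indirect
)
`

// FindStale returns the require entries in go.mod text under any stale path.
func FindStale(goMod string, stale []string) (out []Finding) {
	inBlock := false
	for i, raw := range strings.Split(goMod, "\n") {
		code, comment, _ := strings.Cut(raw, "//")
		f := strings.Fields(code)
		opens := len(f) == 2 && f[0] == "require" && f[1] == "("
		switch {
		case opens || (len(f) == 1 && f[0] == ")"):
			inBlock = opens // enter on "require (", leave on ")"
			continue
		case len(f) == 3 && f[0] == "require":
			f = f[1:] // single-line form: require <path> <version>
		case !inBlock || len(f) != 2:
			continue
		}
		for _, ns := range stale {
			p, ns := strings.ToLower(f[0]), strings.ToLower(ns) // GitHub names are case-insensitive
			if p == ns || strings.HasPrefix(p, ns+"/") {
				out = append(out, Finding{i + 1, f[0], f[1], strings.Contains(comment, "indirect")})
			}
		}
	}
	return out
}

func main() { fmt.Printf("%+v\n", FindStale(sampleGoMod, []string{"github.com/GoASTScanner/gas"})) }
```

A hit marked indirect means the stale path arrives through another dependency, so the fix is an upgrade of that dependency rather than an edit to the project's own imports.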
