Veracode Vulnerability Database: VERACODE:40928
History: Jun 16, 2023 - 10:45 a.m.

Command Injection

2023-06-16 10:45:54
Source: sca.analysiscenter.veracode.com
Tags: brook, command injection, user request validation, tproxy service

CVSS3: 9.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS: 0.007
Percentile: 80.7%

github.com/txthinking/brook is vulnerable to Command Injection. The vulnerability exists due to a lack of user request validation in the local tproxy service, which allows an attacker to inject and execute arbitrary commands.
