Veracode Vulnerability Database
VERACODE:45929
History: Mar 19, 2024 - 8:40 a.m.

Exposed Dangerous Method Or Function

2024-03-19 08:40:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
vulnerability
dangerous method
code execution
turbo_boost-commands

CVSS3: 8.1
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.5
Confidence: High

EPSS: 0
Percentile: 9.0%

turbo_boost-commands is vulnerable to Exposed Dangerous Method or Function. The existing checks are not robust enough to prevent sophisticated attackers from invoking more methods than should be permitted. Commands verify that the class is a Command and that the requested method is defined as a public method, but this is not sufficient to guard against all unwanted code execution. The library should therefore enforce more strictly which methods are considered safe before allowing them to be executed.
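The gap between "is a public method" and "is a method the command author meant to expose" can be seen in plain Ruby. The following is an added illustration, not code from turbo_boost-commands or from the advisory: `Command`, `CounterCommand`, `weak_allowed?`, `strict_allowed?` and `dispatch` are hypothetical names, and the strict check shown is one possible way to narrow the set, not necessarily the library's own fix.

```ruby
# Hypothetical stand-ins; these are not the turbo_boost-commands classes.
class Command
  def initialize
    @performed = []
  end
  attr_reader :performed
end

class CounterCommand < Command
  def increment
    @performed << :increment
    :incremented
  end

  private

  def reset_all
    :reset
  end
end

# Weak check, as the advisory describes it: the class is a Command and the
# requested name is *some* public method, inherited ones included.
def weak_allowed?(klass, name)
  klass.is_a?(Class) && klass <= Command && klass.public_method_defined?(name)
end

# Stricter check: only public methods declared on the command class itself
# (public_instance_methods(false) leaves out everything inherited).
def strict_allowed?(klass, name)
  return false unless klass.is_a?(Class) && klass < Command
  klass.public_instance_methods(false).include?(name.to_sym)
end

# Dispatch a client-supplied method name only after the strict check.
def dispatch(klass, name)
  raise ArgumentError, "method not permitted: #{name}" unless strict_allowed?(klass, name)
  klass.new.public_send(name)
end

# Constructed sample names a client might send.
%w[increment instance_variable_set freeze reset_all].each do |name|
  puts format("%-22s weak=%-5s strict=%s", name,
              weak_allowed?(CounterCommand, name), strict_allowed?(CounterCommand, name))
end
```

Methods inherited from `Object`, such as `instance_variable_set` and `freeze`, pass the weak check because every Ruby object exposes them publicly; only `increment` passes the strict one.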
