Lucene search
Veracode Vulnerability DatabaseVERACODE:46807HistoryMay 08, 2024 - 7:44 a.m.
Remote Code Execution (RCE)
2024-05-0807:44:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
github
vulnerability
software
remote attacker
arbitrary code
github.com/tiagorlampert/chaos is vulnerable to Remote Code Execution. The vulnerability is due to unsafe concatenation of the filename argument into the buildStr without any sanitization or filtering, which allows a remote attacker to execute arbitrary code.
References
gist.github.com/slimwang/d1ec6645ba9012a551ea436679244496
github.com/advisories/GHSA-xfjj-f699-rc79
github.com/tiagorlampert/CHAOS/commit/1b451cf62582295b7225caf5a7b506f0bad56f6b
github.com/tiagorlampert/CHAOS/commit/24c9e109b5be34df7b2bce8368eae669c481ed5e
github.com/tiagorlampert/CHAOS/commit/b47438d36e3ad746de8c009e644f6e5396703f25
github.com/tiagorlampert/CHAOS/pull/95
Related
cve
cve
CVE-2024-33434
2024-05-07 14:15:10
cvelist
cvelist
CVE-2024-33434
2024-05-07 00:00:00
github
github
tiagorlampert CHAOS vulnerable to arbitrary code execution
2024-05-07 15:30:37
nvd
nvd
CVE-2024-33434
2024-05-07 14:15:10
osv
osv
tiagorlampert CHAOS vulnerable to command injections
2024-04-12 06:33:24
tiagorlampert CHAOS vulnerable to arbitrary code execution
2024-05-07 15:30:37
Arbitrary code execution in github.com/tiagorlampert/CHAOS
2024-05-09 16:51:38