CVE-2023-0297

high-risk
Published 2023-01-14

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.

Do I need to act?

!
94.0% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
51532
+
Fix available
Upgrade to: 7d73ba7919e594d783b3411d7ddb87885aea782d
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Pyload

References (8)

http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html
http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.h...
Patch https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d
Exploit https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65
http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html
http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.h...
Patch https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d
Exploit https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65
64
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 27/34 · High
Exposure 5/34 · Minimal