Products
CHAOS
- before 1b451cf62582295b7225caf5a7b506f0bad56f6b
- 24c9e109b5be34df7b2bce8368eae669c481ed5e
CHAOS
- before 1b451cf62582295b7225caf5a7b506f0bad56f6b
- before 24c9e109b5be34df7b2bce8368eae669c481ed5e
Source
cve@mitre.org
Tags
CVE-2024-33434 details
Published : May 7, 2024, 2:15 p.m.
Last Modified : May 7, 2024, 8:07 p.m.
Last Modified : May 7, 2024, 8:07 p.m.
Description
An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
https://gist.github.com/slimwang/d1ec6645ba9012a551ea436679244496 | cve@mitre.org |
https://github.com/tiagorlampert/CHAOS/pull/95 | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.