1 results (0.002 seconds)
CVSS: 10.0EPSS: 33%CPEs: 2EXPL: 3
CVSS: 10.0EPSS: 33%CPEs: 2EXPL: 3CVE-2024-28397 – Pyload Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-28397
20 Jun 2024 — An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. Un problema en el componente js2py.disable_pyimport() de js2py hasta v0.74 permite a atacantes ejecutar código arbitrario a través de una llamada API manipulada. CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to o... • https://packetstorm.news/files/id/182692 • CWE-94: Improper Control of Generation of Code ('Code Injection') •