CVE-2023-47105

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-47105

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-47105.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-47105

Aliases

GHSA-723h-x37g-f8qm

Published

2024-09-18T17:15:18Z

Modified

2024-09-19T00:50:47.941841Z

Summary

[none]

Details

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.

References

https://github.com/chaosblade-io/chaosblade/blob/0a07380c9899febb2b544132783b376b44226cca/exec/os/executor.go#L68
https://narrow-oatmeal-0c0.notion.site/ChaosBlade-Remote-Command-Execution-CVE-2023-47105-4f5459046488436caaec2bced6ff26d7

Affected packages

Git / github.com/chaosblade-io/chaosblade

Affected ranges

Type: GIT
Repo: https://github.com/chaosblade-io/chaosblade
Events: Introduced

5e8b63e2b7aa7c54ac90342ba0cf6ebad9225571

Last affected

176699f18bff9e4afdf43e8fb31d9dd79907ef5d

Affected versions

v0.*

v0.10.0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.8.0

v0.9.0

v1.*

v1.0.0

v1.2.0

v1.4.0

v1.5.0

v1.6.0

v1.7.1

v1.7.2

v1.7.3