CVE-2023-6309
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-6309
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6309.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-6309
- Published
- 2023-11-27T02:15:42Z
- Modified
- 2025-10-16T18:44:31.667798Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. This affects an unknown part of the file contrib/iSenWeb/trans_result.php. The manipulation of the argument input1 leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246135.
- References
Affected packages
Git / github.com/moses-smt/mosesdecoder
Affected ranges
- Type
- GIT
- Repo
- https://github.com/moses-smt/mosesdecoder
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
mmt-mvp-0.*
mmt-mvp-0.2.0
mmt-mvp-v0.*
mmt-mvp-v0.12.0
mmt-mvp-v0.12.1
mmt-mvp-v0.9.0
Other
pre-MMT
ranked-sampling-v0.*
ranked-sampling-v0.1.0
Database specific
vanir_signatures
[
{
"id": "CVE-2023-6309-0ae1002e",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/PhraseBased/Manager.cpp"
},
"digest": {
"line_hashes": [
"287799047509587991674869595905362083999",
"194014147465151276086725446532518972482",
"54556868642469713685637384158847552438",
"305293933092946706212455641990429689917",
"164938762843142924974016788741402971396",
"327145125206464237521372156096953221977",
"234773954176797209531456115597982703158"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-21d2daea",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/legacy/Bitmaps.h"
},
"digest": {
"line_hashes": [
"207172663435752969340917940283201476354",
"197241871430959707446725766341289685438"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-29023eb6",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/Main.cpp"
},
"digest": {
"line_hashes": [
"77015291220887071739383473423043162250",
"4791519720846525949517920688764110876",
"8110439303748515608239307500976140318",
"116055660889892962530777476981821538082"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-2938d389",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/FF/StatelessFeatureFunction.h"
},
"digest": {
"line_hashes": [
"6106077494158834408191727108293064896",
"37367592069878887743139942173560473656"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-34166ffb",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/defer/CubePruningCardinalStack/Stack.h"
},
"digest": {
"line_hashes": [
"163154644638348233158395153374325907810",
"107191173141483463899007190751372325432",
"77534081765974908153959284095222812456",
"69340196871160383827602960232189243965",
"283826973313577643352788803864976472879",
"7757581711386589369271224138387330704",
"104941240749221153233647790800432302117"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-4b4ed93c",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/defer/CubePruningBitmapStack/Misc.h"
},
"digest": {
"line_hashes": [
"235911648813310825851127682912219700901",
"241805756202622770009768560353220183352",
"190857528106358254107234541323657527413",
"185196893019859075809214484981778396367",
"300861718470050016832035136251634166699",
"139548751621167405315622285218600146942",
"126894741173841347561463312460864546154",
"63697558579940042639977239828372600886"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-5b55d017",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/HypothesisColl.h"
},
"digest": {
"line_hashes": [
"66339231305232658671109981124880252781",
"320412668135699447618793268470709233076",
"189800262004595559869319819038430072588"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-5cae96b8",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/defer/CubePruningBitmapStack/Stack.h"
},
"digest": {
"line_hashes": [
"163154644638348233158395153374325907810",
"107191173141483463899007190751372325432",
"77534081765974908153959284095222812456",
"291478699453865245521091780254996202313",
"277326330914393770064616620249550461600",
"304767212978406107484137588123765534101",
"104941240749221153233647790800432302117"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-646a3103",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/defer/CubePruningPerBitmap/Misc.h"
},
"digest": {
"line_hashes": [
"235911648813310825851127682912219700901",
"241805756202622770009768560353220183352",
"190857528106358254107234541323657527413",
"185196893019859075809214484981778396367",
"300861718470050016832035136251634166699",
"139548751621167405315622285218600146942",
"139659351680358969733224333488732988854",
"63363215336700645376042090824945750025"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-6d28581f",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/PhraseBased/CubePruningMiniStack/Stack.h"
},
"digest": {
"line_hashes": [
"163154644638348233158395153374325907810",
"107191173141483463899007190751372325432",
"77534081765974908153959284095222812456"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-8476ec83",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"function": "Temp",
"file": "moses2/Main.cpp"
},
"digest": {
"length": 540.0,
"function_hash": "182353790773938809587114032224525926475"
},
"signature_version": "v1",
"signature_type": "Function"
},
{
"id": "CVE-2023-6309-9a030828",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/PhraseBased/Normal/Stack.h"
},
"digest": {
"line_hashes": [
"182266515569901985806693369413740811617",
"77534081765974908153959284095222812456"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-a8037bdd",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/SCFG/nbest/NBests.h"
},
"digest": {
"line_hashes": [
"334633140571608706651991760190116077768",
"172618108275161822371952686497418417879",
"286601356145049915873519652833739356738",
"79475622298012707981381407042257845715",
"319075604201523007646459466599977162279",
"243605047432511047232395539695014523064"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-ab9b934a",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/legacy/FactorCollection.h"
},
"digest": {
"line_hashes": [
"317347614599550526183274876323754920649",
"265241503700140694676230279881342347895",
"336899072829365001445922648494577655375",
"82771307390077287839818496465811443348",
"32769400282768707602339163747587012272",
"197733840876450594093183512195221703502",
"29466725951482136827394878048949787616",
"208595512770669292990126850629065182828"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-b1b2f9c3",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/SCFG/Misc.h"
},
"digest": {
"line_hashes": [
"302930751195726194749262172417285968727",
"294810810201566152430893661985602021351",
"316900431191805631482398076372878741818",
"315455630917953417723530621105578741463",
"263702779483625592042552064634311638876",
"249695478392695360639588472260144041887",
"212546069056548199902373813758761046341",
"130208245571562311497916336758327426760"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-c2704bde",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/FF/StatefulFeatureFunction.h"
},
"digest": {
"line_hashes": [
"56942818565358178888652249451036578736",
"52225132572542106361403908754465133770"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-c5595698",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/defer/CubePruningPerMiniStack/Misc.h"
},
"digest": {
"line_hashes": [
"235911648813310825851127682912219700901",
"241805756202622770009768560353220183352",
"190857528106358254107234541323657527413",
"185196893019859075809214484981778396367",
"300861718470050016832035136251634166699",
"139548751621167405315622285218600146942",
"139659351680358969733224333488732988854",
"63363215336700645376042090824945750025"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-c850b032",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/defer/CubePruningCardinalStack/Misc.h"
},
"digest": {
"line_hashes": [
"235911648813310825851127682912219700901",
"241805756202622770009768560353220183352",
"190857528106358254107234541323657527413",
"185196893019859075809214484981778396367",
"300861718470050016832035136251634166699",
"139548751621167405315622285218600146942",
"139659351680358969733224333488732988854",
"63363215336700645376042090824945750025"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-e0d2decf",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/PhraseBased/CubePruningMiniStack/Misc.h"
},
"digest": {
"line_hashes": [
"235911648813310825851127682912219700901",
"241805756202622770009768560353220183352",
"190857528106358254107234541323657527413",
"185196893019859075809214484981778396367",
"261570824187461698520361629733246730916",
"255161395853958434367429642675049210421",
"337325582187597172420921535553295808433",
"207207774955736515860094285894789123721"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2023-6309-e96a0420",
"deprecated": false,
"source": "https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8",
"target": {
"file": "moses2/Phrase.h"
},
"digest": {
"line_hashes": [
"155182889077358448335846357036652658686"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line"
}
]