Lucene search

K
cve[email protected]CVE-2024-28397
HistoryJun 20, 2024 - 5:15 p.m.

CVE-2024-28397

2024-06-2017:15:50
CWE-94
web.nvd.nist.gov
31
js2py component api call craft arbitrary code execute

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%