AI Score: 5.7 Medium
Confidence: High
EPSS: 0.0004 Low
Percentile: 9.2%
A malicious actor may be able to extract a JWT token via a malicious “/command” request. This is a form of cross-site scripting (XSS).
blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents
nvd.nist.gov/vuln/detail/CVE-2024-31839