Improper Sanitization

2023-10-1107:21:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

improper sanitization

arbitrary code execution

gcode script

software vulnerability

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

9.8%

JSON

octoprint is vulnerable to Improper Sanitization. The vulnerability is due to RelEnvironment class in __init__.py which allows the execution of arbitrary code within the GCODE script feature. This lack of restriction could allow a malicious admin to configure a specially crafted GCODE script through the Settings that will allow code execution during rendering of that script.