CVE-2023-47105 – github.com/chaosblade-io/chaosblade
Package
Manager: go
Name: github.com/chaosblade-io/chaosblade
Vulnerable Version: >=0.0.3 <1.7.4
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.14865 (percentile: 0.94286)
Details
Chaosblade vulnerable to OS command execution
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.
Metadata
Created: 2024-09-18T18:30:51Z
Modified: 2024-09-25T19:28:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-723h-x37g-f8qm/GHSA-723h-x37g-f8qm.json
CWE IDs: ["CWE-78", "CWE-95"]
Alternative ID: GHSA-723h-x37g-f8qm
Finding: F004
Auto approve: 1