PT-2023-20029 · Unknown+1 · Swig-Templates+1

Y1Nglamore

Publicado

2023-03-15

Atualizado

2025-02-27

CVE-2023-25344

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions swig-templates versions 2.0.4 and earlier swig versions 1.4.2 and earlier

Description An issue allows attackers to execute arbitrary code via crafted Object.prototype anonymous function.

Recommendations For swig-templates versions 2.0.4 and earlier, consider disabling the use of crafted Object.prototype anonymous functions until a patch is available. For swig versions 1.4.2 and earlier, consider disabling the use of crafted Object.prototype anonymous functions until a patch is available. As a temporary workaround, restrict the execution of arbitrary code via crafted Object.prototype anonymous functions in both swig-templates and swig.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2023-25344

Produtos afetados

Swig

Swig-Templates

PT-2023-20029 · Unknown+1 · Swig-Templates+1

CVE-2023-25344

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8