CVE-2023-48310

Name of the Vulnerable Software and Affected Versions TestingPlatform versions prior to 2.1.1

Description The issue arises from incorrect filtering of user input, allowing Nmap options to be accepted. This includes the option to create log files at a specified location, potentially leading to denial of service if the file already exists. An attacker can also scan any CIDR blocks passed to Nmap, including 0.0.0.0/0 or local networks.

Recommendations For versions prior to 2.1.1, update to version 2.1.1 to resolve the issue. As a temporary workaround, consider restricting the use of Nmap options and limiting the ability to create log files at arbitrary locations. Avoid using the option to create log files without proper validation of the input.