PT-2023-20029 · Unknown+1 · Swig-Templates+1
Y1Nglamore
·
Published
2023-03-15
·
Updated
2025-02-27
·
CVE-2023-25344
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
swig-templates versions 2.0.4 and earlier
swig versions 1.4.2 and earlier
Description
An issue allows attackers to execute arbitrary code via crafted Object.prototype anonymous function.
Recommendations
For swig-templates versions 2.0.4 and earlier, consider disabling the use of crafted Object.prototype anonymous functions until a patch is available.
For swig versions 1.4.2 and earlier, consider disabling the use of crafted Object.prototype anonymous functions until a patch is available.
As a temporary workaround, restrict the execution of arbitrary code via crafted Object.prototype anonymous functions in both swig-templates and swig.
Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Swig
Swig-Templates