PT-2023-6631 · Octoprint · Octoprint
Rggu2Zr · Published 2023-10-09 · Updated 2023-10-13 · CVE-2023-41047
CVSS v4.0 8.4 High
Vector AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OctoPrint versions up to and including 1.9.2
Description: A malicious administrator can configure a specially crafted GCODE script that executes code when OctoPrint renders that script. This can be used to read or manipulate data managed by OctoPrint and to run arbitrary commands with the rights of the OctoPrint process on the host. Because the attacker must already hold OctoPrint administrator rights (PR:H in the vector), the impact is an escalation from application administrator to command execution as the OctoPrint user on the server. At the time of publication, more than 20,000 OctoPrint instances were reachable from the Internet.
Recommendations: For OctoPrint versions up to and including 1.9.2, update to version 1.9.3 or later. If updating is not immediately possible, restrict the GCODE script configuration to trusted administrators only, and do not configure GCODE scripts found online or supplied by third parties without reviewing them; a script is rendered with the full rights of the OctoPrint process, so running that process as an unprivileged user also limits what such a script can reach.
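The following is an added illustration, not OctoPrint's code and not something published with the advisory. It assumes (from OctoPrint's documentation, not from this page) that GCODE scripts are rendered as Jinja2 templates, and it uses a constructed context and constructed script texts. It shows why an admin-supplied template rendered in a stock Jinja2 Environment gives the template author access to the Python object graph, and how the generic hardening for this vulnerability class, a jinja2 SandboxedEnvironment, rejects such a script with SecurityError while a legitimate script still renders. Whether 1.9.3 fixed the issue in exactly this way is not stated on this page.

```python
"""Added example (not OctoPrint's code): unsandboxed vs sandboxed rendering of
an admin-supplied GCODE script template.

Assumptions (not taken from the advisory): GCODE scripts are Jinja2 templates;
CONTEXT, BENIGN_SCRIPT and CRAFTED_SCRIPT are constructed for this example.
"""
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed context standing in for the variables a GCODE script sees.
CONTEXT = {"printer_profile": {"name": "Ender-3"}, "last_position": {"z": 12.0}}

# A legitimate script: plain GCODE with Jinja2 expressions over the context.
BENIGN_SCRIPT = (
    "M117 Hello {{ printer_profile.name }}\n"
    "G1 Z{{ last_position.z + 5 }}\n"
    "G28 X Y\n"
)

# A crafted script: walks Python's object graph through dunder attributes.
# Here it only counts the subclasses of `object` (no side effects), but the
# same path reaches any loaded class and, from there, os/subprocess calls.
CRAFTED_SCRIPT = "; {{ ''.__class__.__mro__[1].__subclasses__() | length }} classes reachable\n"


def render_unsandboxed(script: str) -> str:
    """Vulnerable pattern: a stock Environment trusts the template author."""
    return Environment().from_string(script).render(**CONTEXT)


def render_sandboxed(script: str) -> str:
    """Hardened pattern: SandboxedEnvironment refuses attribute names starting
    with '_' and interpreter internals, raising SecurityError at render time."""
    return SandboxedEnvironment().from_string(script).render(**CONTEXT)


def classify(script: str) -> str:
    """Gate for a script before it is saved: 'rendered' if the sandbox accepts
    it, or 'blocked:<reason>' if the sandbox refuses it."""
    try:
        render_sandboxed(script)
        return "rendered"
    except SecurityError as exc:
        return f"blocked:{exc}"


if __name__ == "__main__":
    print(render_unsandboxed(BENIGN_SCRIPT))
    print(render_unsandboxed(CRAFTED_SCRIPT))  # the crafted line renders: a class count
    print(classify(BENIGN_SCRIPT))             # rendered
    print(classify(CRAFTED_SCRIPT))            # blocked:access to attribute '__class__' ...
```

Under the stock Environment the crafted line renders and reports how many classes the template author can already reach; under the sandbox the same line raises SecurityError before anything runs. Gating scripts through classify() is a defensive check for a deployment that cannot update yet, not a substitute for moving to 1.9.3 or later.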

Related Identifiers

BDU:2023-07399
CVE-2023-41047
GHSA-fwfg-vprh-97ph
PYSEC-2023-195

Affected Products

Octoprint