PT-2024-13406 · Unknown · Chaosblade

Published: 2024-09-18 · Updated: 2024-09-25 · CVE-2023-47105

CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Chaosblade versions 0.3 through 1.7.3

Description: The issue allows OS command execution via the cmd parameter without authentication when server mode is used. It is related to the use of exec.CommandContext in Chaosblade.

Recommendations: For Chaosblade versions 0.3 through 1.7.3, as a temporary workaround, consider restricting access to the cmd parameter in server mode to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
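As an added illustration of the two controls the recommendation points at (authentication in front of server mode, and no free-form command string reaching exec.CommandContext): the Go handler below is example code written for this record, not Chaosblade's own code. The route, the token check, the allowlist contents and the timeout are all assumptions. The user-supplied cmd value only selects an entry from a fixed argv table; it is never interpolated into a shell command, so values outside the table are rejected before any process is started.

```go
package main

import (
	"context"
	"crypto/subtle"
	"errors"
	"net/http"
	"os/exec"
	"time"
)

// allowedCommands is a constructed allowlist (hypothetical, not Chaosblade's).
// Each key maps to a fixed argv. The cmd parameter only selects a key; its
// value is never passed to a shell or spliced into an argument list.
var allowedCommands = map[string][]string{
	"version": {"echo", "version"},
	"status":  {"echo", "status"},
}

var ErrCommandNotAllowed = errors.New("command not in allowlist")

// BuildCommand resolves the cmd parameter against the allowlist and returns a
// copy of the fixed argv. Anything not in the table is an error, which is the
// check a raw exec.CommandContext(ctx, cmd) call would lack.
func BuildCommand(cmd string) ([]string, error) {
	argv, ok := allowedCommands[cmd]
	if !ok {
		return nil, ErrCommandNotAllowed
	}
	return append([]string(nil), argv...), nil
}

// Authorized requires a bearer token and compares it in constant time.
// (Assumed scheme; a real deployment would plug in its own authentication.)
func Authorized(r *http.Request, expected string) bool {
	got := r.Header.Get("Authorization")
	return subtle.ConstantTimeCompare([]byte(got), []byte("Bearer "+expected)) == 1
}

// Handler places both checks in front of exec.CommandContext and bounds the
// child process with a timeout derived from the request context.
func Handler(expectedToken string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if !Authorized(r, expectedToken) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		argv, err := BuildCommand(r.URL.Query().Get("cmd"))
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
		defer cancel()
		out, err := exec.CommandContext(ctx, argv[0], argv[1:]...).CombinedOutput()
		if err != nil {
			http.Error(w, "command failed", http.StatusInternalServerError)
			return
		}
		w.Write(out)
	}
}

func main() {
	// Constructed token for local demonstration only; bind to loopback.
	http.ListenAndServe("127.0.0.1:8080", Handler("CHANGE-ME-constructed-token"))
}
```

The allowlist-to-argv mapping is the part that matters for this weakness class: once the caller can only choose among predefined argument vectors, there is no string left for command separators or substitutions to act on, and the authentication check ensures even that choice is not available to unauthenticated clients.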

Weakness Enumeration

OS Command Injection
Eval Injection

Related Identifiers

CVE-2023-47105
GHSA-723H-X37G-F8QM
GO-2024-3133

Affected Products

Chaosblade