CWE-94
Allowed-with-ReviewImproper Control of Generation of Code ('Code Injection')
Abstraction: Base · Status: Draft
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
8287 vulnerabilities reference this CWE, most recent first.
CVE-2023-40221 (GCVE-0-2023-40221)
Vulnerability from cvelistv5 – Published: 2023-09-18 19:59 – Updated: 2024-08-02 18:24 Unsupported When Assigned- CWE-94 - Code Injection
| Vendor | Product | Version | |
|---|---|---|---|
| Socomec | MODULYS GP (MOD3GP-SY-120K) |
Affected:
v01.12.10
|
|
| socomec | modulys_gp_firmware |
Affected:
01.12.10
cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modulys_gp_firmware",
"vendor": "socomec",
"versions": [
{
"status": "affected",
"version": "01.12.10"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T18:24:56.536951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:55.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MODULYS GP (MOD3GP-SY-120K)",
"vendor": "Socomec",
"versions": [
{
"status": "affected",
"version": "v01.12.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aar\u00f3n Flecha Men\u00e9ndez reported these vulnerabilities to CISA."
}
],
"datePublic": "2023-09-07T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section (MAIL SERVER) where the information is displayed. Injection can be done on parameter MAIL_RCV. When a legitimate user attempts to review NOTIFICATION/MAIL SERVER, the injected code will be executed.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\nThe absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section (MAIL SERVER) where the information is displayed. Injection can be done on parameter MAIL_RCV. When a legitimate user attempts to review NOTIFICATION/MAIL SERVER, the injected code will be executed.\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-18T19:59:17.900Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSocomec reports that MODULYS GP (MOD3GP-SY-120K) is an End-of-Life product. Socomec recommends using MODULYS GP2 (M4-S-XXX) instead. MODULYS GP2 (M4-S-XXX) is not affected by the above vulnerabilities.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nSocomec reports that MODULYS GP (MOD3GP-SY-120K) is an End-of-Life product. Socomec recommends using MODULYS GP2 (M4-S-XXX) instead. MODULYS GP2 (M4-S-XXX) is not affected by the above vulnerabilities.\n\n\n"
}
],
"source": {
"advisory": "ICSA-23-250-03",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Socomec MOD3GP-SY-120K Code Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-40221",
"datePublished": "2023-09-18T19:59:17.900Z",
"dateReserved": "2023-09-06T15:41:16.552Z",
"dateUpdated": "2024-08-02T18:24:55.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40050 (GCVE-0-2023-40050)
Vulnerability from cvelistv5 – Published: 2023-10-31 14:07 – Updated: 2024-09-06 15:41| URL | Tags |
|---|---|
| https://docs.chef.io/release_notes_automate/ | release-notes |
| https://docs.chef.io/automate/profiles/ | release-notes |
| https://community.progress.com/s/article/Product-… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Progress Software Corporation | Chef Automate |
Affected:
4.0.0 , ≤ 4.10.29
(semver)
|
|
| chef | automate |
Affected:
0 , ≤ 4.10.29
(custom)
cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:54.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.chef.io/release_notes_automate/"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.chef.io/automate/profiles/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "automate",
"vendor": "chef",
"versions": [
{
"lessThanOrEqual": "4.10.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T15:36:39.457247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T15:41:14.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.chef.io/downloads",
"defaultStatus": "affected",
"modules": [
"Automate Upload Profile"
],
"packageName": "Automate",
"platforms": [
"Linux"
],
"product": "Chef Automate",
"repo": "https://github.com/chef/automate",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThanOrEqual": "4.10.29",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "HackerOne - tas50"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \u003c/p\u003e\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T14:07:59.881Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.chef.io/release_notes_automate/"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.chef.io/automate/profiles/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cstrong\u003eSolution (optional): \u003c/strong\u003eCustomers should adopt the latest releases of Automate available from the customer downloads portal.\n\n\u003cbr\u003e"
}
],
"value": "\nSolution (optional): Customers should adopt the latest releases of Automate available from the customer downloads portal.\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Automate Vulnerable to Malicious Content Uploaded Through Embedded Compliance Application",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cstrong\u003eWorkaround (optional): \u003c/strong\u003eChef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n\u003cbr\u003e"
}
],
"value": "\nWorkaround (optional): Chef recommends all users to manually inspect and lint with a tool similar to test-kitchen all profiles and cookbooks prior to usage in production.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2023-40050",
"datePublished": "2023-10-31T14:07:59.881Z",
"dateReserved": "2023-08-08T19:44:41.112Z",
"dateUpdated": "2024-09-06T15:41:14.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39956 (GCVE-0-2023-39956)
Vulnerability from cvelistv5 – Published: 2023-09-06 20:09 – Updated: 2024-09-26 15:17- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| URL | Tags |
|---|---|
| https://github.com/electron/electron/security/adv… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:44:20.784199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:17:59.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 22.3.19"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.3.13"
},
{
"status": "affected",
"version": "\u003e= 24.0.0, \u003c 24.7.1"
},
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c 25.4.1"
},
{
"status": "affected",
"version": "\u003e= 26.0.0-beta.1, \u003c 26.0.0-beta.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T20:09:33.185Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
}
],
"source": {
"advisory": "GHSA-7x97-j373-85x5",
"discovery": "UNKNOWN"
},
"title": "Electron: Out-of-package code execution when launched with arbitrary cwd"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39956",
"datePublished": "2023-09-06T20:09:33.185Z",
"dateReserved": "2023-08-07T16:27:27.075Z",
"dateUpdated": "2024-09-26T15:17:59.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39469 (GCVE-0-2023-39469)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.papercut.com/kb/Main/SecurityBulletin… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| PaperCut | NG |
Affected:
22.0.12
|
|
| papercut | papercut_ng |
Affected:
22.0.12
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "papercut_ng",
"vendor": "papercut",
"versions": [
{
"status": "affected",
"version": "22.0.12"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T15:38:33.991469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:06.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1285",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1285/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "NG",
"vendor": "PaperCut",
"versions": [
{
"status": "affected",
"version": "22.0.12"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.439Z",
"datePublic": "2023-08-30T20:13:29.538Z",
"descriptions": [
{
"lang": "en",
"value": "PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute Java code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21013."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:31.060Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1285",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1285/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39469",
"datePublished": "2024-05-03T01:59:31.060Z",
"dateReserved": "2023-08-02T21:37:23.123Z",
"dateUpdated": "2024-08-02T18:10:20.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39157 (GCVE-0-2023-39157)
Vulnerability from cvelistv5 – Published: 2023-12-31 10:04 – Updated: 2026-04-28 16:08- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/jet… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Crocoblock | JetElements For Elementor |
Affected:
n/a , ≤ 2.6.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:05.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-10-authenticated-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "JetElements For Elementor",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "2.6.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.10",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Crocoblock JetElements For Elementor.\u003cp\u003eThis issue affects JetElements For Elementor: from n/a through 2.6.10.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:34.487Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-10-authenticated-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a02.6.11 or a higher version."
}
],
"value": "Update to\u00a02.6.11 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress JetElements For Elementor Plugin \u003c= 2.6.10 is vulnerable to Remote Code Execution (RCE)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-39157",
"datePublished": "2023-12-31T10:04:01.077Z",
"dateReserved": "2023-07-25T13:50:41.999Z",
"dateUpdated": "2026-04-28T16:08:34.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-37914 (GCVE-0-2023-37914)
Vulnerability from cvelistv5 – Published: 2023-08-17 17:21 – Updated: 2024-10-08 16:22- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/… | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/ff… | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20421 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| xwiki | xwiki-platform |
Affected:
>= 2.5-m1, < 14.4.8
Affected: >= 14.5.0, < 14.10.6 Affected: >= 15.0, < 15.2-rc-1 |
|
| xwiki | xwiki-platform |
Affected:
2.5m1 , < 14.4.8
(custom)
Affected: 14.5.0 , < 14.10.6 (custom) Affected: 15.0 , < 15.2-tc-1 (custom) cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7954-6m9q-gpvf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7954-6m9q-gpvf"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-20421",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-20421"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"lessThan": "14.4.8",
"status": "affected",
"version": "2.5m1",
"versionType": "custom"
},
{
"lessThan": "14.10.6",
"status": "affected",
"version": "14.5.0",
"versionType": "custom"
},
{
"lessThan": "15.2-tc-1",
"status": "affected",
"version": "15.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37914",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T16:19:19.925359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T16:22:04.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.5-m1, \u003c 14.4.8"
},
{
"status": "affected",
"version": "\u003e= 14.5.0, \u003c 14.10.6"
},
{
"status": "affected",
"version": "\u003e= 15.0, \u003c 15.2-rc-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`, but there are otherwise no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T17:21:23.571Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7954-6m9q-gpvf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7954-6m9q-gpvf"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-20421",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-20421"
}
],
"source": {
"advisory": "GHSA-7954-6m9q-gpvf",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation (PR)/RCE from account through Invitation subject/message"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37914",
"datePublished": "2023-08-17T17:21:23.571Z",
"dateReserved": "2023-07-10T17:51:29.611Z",
"dateUpdated": "2024-10-08T16:22:04.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37582 (GCVE-0-2023-37582)
Vulnerability from cvelistv5 – Published: 2023-07-12 09:26 – Updated: 2025-04-23 16:20- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache RocketMQ |
Affected:
5.0.0 , ≤ 5.1.1
(maven)
Affected: 0 , ≤ 4.9.6 (maven) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/m614czxtpvlztd7mfgcs2xcsg36rdbnc"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-37582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:27:22.203941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:20:32.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache RocketMQ",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "5.1.1",
"status": "affected",
"version": "5.0.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "4.9.6",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "soreatu@gmail.com"
},
{
"lang": "en",
"type": "finder",
"value": "yuansec@outlook.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. \u003cbr\u003e\u003cbr\u003eWhen NameServer address \u003c/span\u003eare leaked on the extranet and lack permission verification, a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003en attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. \u003cbr\u003e\u003cbr\u003eIt is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. \n\nWhen NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. \n\nIt is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T09:30:10.439Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/m614czxtpvlztd7mfgcs2xcsg36rdbnc"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/1"
}
],
"source": {
"defect": [
"https://github.com/apache/rocketmq/pull/6843"
],
"discovery": "EXTERNAL"
},
"title": "Apache RocketMQ: Possible remote code execution when using the update configuration function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-37582",
"datePublished": "2023-07-12T09:26:18.652Z",
"dateReserved": "2023-07-09T11:28:58.413Z",
"dateUpdated": "2025-04-23T16:20:32.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37470 (GCVE-0-2023-37470)
Vulnerability from cvelistv5 – Published: 2023-08-04 15:12 – Updated: 2024-10-17 14:54- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| URL | Tags |
|---|---|
| https://github.com/metabase/metabase/security/adv… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:54:25.239902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:54:36.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003c 0.43.7.3"
},
{
"status": "affected",
"version": "\u003e= 0.44.0.0, \u003c 0.44.7.3"
},
{
"status": "affected",
"version": "\u003e= 0.45.0.0, \u003c 0.45.4.3"
},
{
"status": "affected",
"version": "\u003e= 0.46.0.0, \u003c 0.46.6.4"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.43.7.3"
},
{
"status": "affected",
"version": "\u003e= 1.44.0.0, \u003c 1.44.7.3"
},
{
"status": "affected",
"version": "\u003e= 1.45.0.0, \u003c 1.45.4.3"
},
{
"status": "affected",
"version": "\u003e= 1.46.0.0, \u003c 1.46.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one\u0027s Metabase server. The core issue is that one of the supported data warehouses (an embedded in-memory database H2), exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase allows users to connect to databases, this means that a user supplied string can be used to inject executable code. Metabase allows users to validate their connection string before adding a database (including on setup), and this validation API was the primary vector used as it can be called without validation. Versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 fix this issue by removing the ability of users to add H2 databases entirely. As a workaround, it is possible to block these vulnerabilities at the network level by blocking the endpoints `POST /api/database`, `PUT /api/database/:id`, and `POST /api/setup/validateuntil`. Those who use H2 as a file-based database should migrate to SQLite."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-04T15:12:43.188Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-p7w3-9m58-rq83"
}
],
"source": {
"advisory": "GHSA-p7w3-9m58-rq83",
"discovery": "UNKNOWN"
},
"title": "Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37470",
"datePublished": "2023-08-04T15:12:43.188Z",
"dateReserved": "2023-07-06T13:01:36.998Z",
"dateUpdated": "2024-10-17T14:54:36.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37466 (GCVE-0-2023-37466)
Vulnerability from cvelistv5 – Published: 2023-07-13 23:17 – Updated: 2026-01-05 21:25- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| URL | Tags |
|---|---|
| https://github.com/patriksimek/vm2/security/advis… | x_refsource_CONFIRM |
| https://github.com/patriksimek/vm2/commit/d9a1fde… | x_refsource_MISC |
| https://github.com/patriksimek/vm2/releases/tag/v3.10.0 | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2024110… |
| Vendor | Product | Version | |
|---|---|---|---|
| patriksimek | vm2 |
Affected:
<= 3.9.19
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:48:53.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:36:22.731709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T14:51:16.362Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vm2",
"vendor": "patriksimek",
"versions": [
{
"status": "affected",
"version": "\u003c= 3.9.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. Version 3.10.0 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T21:25:27.207Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5"
},
{
"name": "https://github.com/patriksimek/vm2/commit/d9a1fde8ec5a5a9c9e5a69bf91d703950859d744",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/patriksimek/vm2/commit/d9a1fde8ec5a5a9c9e5a69bf91d703950859d744"
},
{
"name": "https://github.com/patriksimek/vm2/releases/tag/v3.10.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.10.0"
}
],
"source": {
"advisory": "GHSA-cchq-frgv-rjh5",
"discovery": "UNKNOWN"
},
"title": "vm2 Sandbox Escape vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37466",
"datePublished": "2023-07-13T23:17:51.434Z",
"dateReserved": "2023-07-06T13:01:36.997Z",
"dateUpdated": "2026-01-05T21:25:27.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-37274 (GCVE-0-2023-37274)
Vulnerability from cvelistv5 – Published: 2023-07-13 22:33 – Updated: 2024-10-30 15:53- CWE-94 - Improper Control of Generation of Code ('Code Injection')
| URL | Tags |
|---|---|
| https://github.com/Significant-Gravitas/Auto-GPT/… | x_refsource_CONFIRM |
| https://github.com/Significant-Gravitas/Auto-GPT/… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Significant-Gravitas | Auto-GPT |
Affected:
< 0.4.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-5h38-mgp9-rj5f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-5h38-mgp9-rj5f"
},
{
"name": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4756",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4756"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T15:53:50.571521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:53:58.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Auto-GPT",
"vendor": "Significant-Gravitas",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which should not have access to any files outside of the Auto-GPT workspace directory.\nBefore v0.4.3, the `execute_python_code` command (introduced in v0.4.1) does not sanitize the `basename` arg before writing LLM-supplied code to a file with an LLM-supplied name. This allows for a path traversal attack that can overwrite any .py file outside the workspace directory by specifying a `basename` such as `../../../main.py`. This can further be abused to achieve arbitrary code execution on the host running Auto-GPT by e.g. overwriting autogpt/main.py which will be executed outside of the docker environment meant to sandbox custom python code execution the next time Auto-GPT is started. The issue has been patched in version 0.4.3. As a workaround, the risk introduced by this vulnerability can be remediated by running Auto-GPT in a virtual machine, or another environment in which damage to files or corruption of the program is not a critical problem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T22:33:41.290Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-5h38-mgp9-rj5f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-5h38-mgp9-rj5f"
},
{
"name": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4756",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Significant-Gravitas/Auto-GPT/pull/4756"
}
],
"source": {
"advisory": "GHSA-5h38-mgp9-rj5f",
"discovery": "UNKNOWN"
},
"title": "Python code execution sandbox escape in non-docker version in Auto-GPT"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37274",
"datePublished": "2023-07-13T22:33:41.290Z",
"dateReserved": "2023-06-29T19:35:26.440Z",
"dateUpdated": "2024-10-30T15:53:58.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Strategy: Refactoring
Refactor your program so that you do not have to dynamically generate code.
Mitigation
- Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product.
- Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.
- This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
- Be careful to avoid CWE-243 and other weaknesses related to jails.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit().
Mitigation
Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
Mitigation MIT-32
Strategy: Compilation or Build Hardening
Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation MIT-32
Strategy: Environment Hardening
Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation
For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].
CAPEC-242: Code Injection
An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.