mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-01 11:11:27 +00:00
28 lines
1.2 KiB
JSON
28 lines
1.2 KiB
JSON
{
|
|
"id": "CVE-2024-33434",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2024-05-07T14:15:10.760",
|
|
"lastModified": "2024-05-07T20:07:58.737",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Un problema en tiagorlampert CHAOS antes de 1b451cf62582295b7225caf5a7b506f0bad56f6b y 24c9e109b5be34df7b2bce8368eae669c481ed5e permite a un atacante remoto ejecutar c\u00f3digo arbitrario mediante la concatenaci\u00f3n insegura del argumento `filename` en la cadena `buildStr` sin ninguna sanitizaci\u00f3n o filtrado."
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://gist.github.com/slimwang/d1ec6645ba9012a551ea436679244496",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/tiagorlampert/CHAOS/pull/95",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |