Code Execution Backdoor in hour_of_code_python_2015 by jminh
CVE-2023-24107

9.8CRITICAL

Key Information:

Vendor: Hour Of Code Python 2015 Project
Status: Hour Of Code Python 2015
Vendor: CVE Published:; 22 February 2023

Summary

A code execution backdoor was identified in a specific commit of the hour_of_code_python_2015 project. This vulnerability stems from the use of the request package, allowing attackers to execute arbitrary code and potentially access sensitive user information. Users of this project are advised to review their implementations and patch accordingly to mitigate the risks associated with this vulnerability.

References

https://mirrors.neusoft.edu.cn/pypi/web/simple/request/

https://github.com/jminh/hour_of_code_python_2015/

https://github.com/jminh/hour_of_code_python_2015/issues/4

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 22, 2023
Vulnerability Reserved
Jan 23, 2023