Arbitrary Code Execution Vulnerability in js2py Prior to v0.74
CVE-2024-28397
Key Information:
- Vendor: js2py
- CVE Published: 20 June 2024
Summary
The article discusses CVE-2024-28397, a vulnerability in js2py, a widely used Python library with over 1 million monthly downloads. It exposes millions of Python users to remote code execution (RCE): an attacker can execute arbitrary code via a crafted API call. Web scrapers and other applications that use the library are potentially affected. There is no known exploitation in the wild by ransomware groups at the time of the article.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
CVE-2024-28397 Vulnerability
SOOS • Don't get cocky with your app sec. Industry leading app sec, all in one dashboard.
7 months ago
Top Cyber Security Informer Security Defenses CISO Content for Fri.Jun 21, 2024
Best content around Security Defenses CISO selected by the Cyber Security Informer community.
7 months ago
Timeline
- First article discovered by Cyber Security Informer
- Vulnerability published
- Public PoC available
- Exploit known to exist
- Vulnerability Reserved