Arbitrary Code Execution Vulnerability in js2py Prior to v0.74
CVE-2024-28397

5.3 MEDIUM

Key Information:

Vendor: js2py
CVE Published: 20 June 2024

Badges

👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 70% | 📰 News Worthy

What is CVE-2024-28397?

The article discusses the CVE-2024-28397 vulnerability in js2py, a widely used Python library with over 1 million monthly downloads. The vulnerability exposes millions of Python users to remote code execution (RCE) attacks, allowing attackers to execute arbitrary code via a crafted API call. It has the potential to impact countless web scrapers and applications. There are no known exploitations in the wild by ransomware groups at the time of the article.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

CVE-2024-28397 Vulnerability

SOOS • Don't get cocky with your app sec. Industry leading app sec, all in one dashboard.

Top Cyber Security Informer Security Defenses CISO Content for Fri.Jun 21, 2024

Best content around Security Defenses CISO selected by the Cyber Security Informer community.

EPSS Score

70% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by Cyber Security Informer

  • Vulnerability published

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability Reserved
