CVE-2023-45158

An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://web2py.com/	Product
http://web2py.com/init/default/download	Product
https://github.com/web2py/web2py/commit/936e2260b0c34c44e2f3674a893e96d2a7fad0a3	Patch
https://jvn.jp/en/jp/JVN80476432/	Third Party Advisory
http://web2py.com/	Product
http://web2py.com/init/default/download	Product
https://github.com/web2py/web2py/commit/936e2260b0c34c44e2f3674a893e96d2a7fad0a3	Patch
https://jvn.jp/en/jp/JVN80476432/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:web2py:web2py:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:26

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-16 08:15

Updated : 2024-11-21 08:26

NVD link : CVE-2023-45158

Mitre link : CVE-2023-45158

CVE.ORG link : CVE-2023-45158

JSON object : View

Products Affected

web2py

web2py

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-45158", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-10-16T08:15:09.990", "references": [{"url": "http://web2py.com/", "tags": ["Product"], "source": "vultures@jpcert.or.jp"}, {"url": "http://web2py.com/init/default/download", "tags": ["Product"], "source": "vultures@jpcert.or.jp"}, {"url": "https://github.com/web2py/web2py/commit/936e2260b0c34c44e2f3674a893e96d2a7fad0a3", "tags": ["Patch"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN80476432/", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "http://web2py.com/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://web2py.com/init/default/download", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/web2py/web2py/commit/936e2260b0c34c44e2f3674a893e96d2a7fad0a3", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://jvn.jp/en/jp/JVN80476432/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del Sistema Operativo en web2py 2.24.1 y versiones anteriores. Cuando el producto est\u00e1 configurado para utilizar notifySendHandler para el registro (no la configuraci\u00f3n predeterminada), una solicitud web manipulada puede ejecutar un comando arbitrario del sistema operativo en el servidor web que utiliza el producto."}], "lastModified": "2024-11-21T08:26:27.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:web2py:web2py:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "804767C1-58E1-4770-88B5-08E840011736", "versionEndIncluding": "2.24.1"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}