CVE-2024-33434

{"id": "CVE-2024-33434", "metrics": {}, "published": "2024-05-07T14:15:10.760", "references": [{"url": "https://gist.github.com/slimwang/d1ec6645ba9012a551ea436679244496", "source": "cve@mitre.org"}, {"url": "https://github.com/tiagorlampert/CHAOS/pull/95", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering."}, {"lang": "es", "value": "Un problema en tiagorlampert CHAOS antes de 1b451cf62582295b7225caf5a7b506f0bad56f6b y 24c9e109b5be34df7b2bce8368eae669c481ed5e permite a un atacante remoto ejecutar c\u00f3digo arbitrario mediante la concatenaci\u00f3n insegura del argumento `filename` en la cadena `buildStr` sin ninguna sanitizaci\u00f3n o filtrado."}], "lastModified": "2024-05-07T20:07:58.737", "sourceIdentifier": "cve@mitre.org"}