CVE-2024-39205

Published Oct 28, 2024

Last updated 18 days ago

CVSS critical 9.8

Overview

Description
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Social media

Hype score
Not currently trending

  1. GitHub - Marven11/CVE-2024-39205-Pyload-RCE: Pyload RCE with js2py sandbox escape https://t.co/xPx0YWbXQ9

    @akaclandestine

    10 Nov 2024

    5179 Impressions

    20 Retweets

    73 Likes

    41 Bookmarks

    5 Replies

    2 Quotes

  2. #exploit 1. CVE-2024-39205: Pyload RCE with js2py sandbox escape https://t.co/vbwpTCCJmy 2. CVE-2024-40431, CVE-2022-25477 - 25480: Vulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver) https://t.co/ea8vmfaCjo

    @HackingTeam777

    31 Oct 2024

    188 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. CVE-2024-39205 An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request. https://t.co/5dSkD1PPTI

    @CVEnew

    28 Oct 2024

    273 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #exploit 1. CVE-2024-39205: Pyload RCE with js2py sandbox escape https://t.co/91FstISBB5 2. CVE-2024-40431, CVE-2022-25477 - 25480: Vulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver) https://t.co/cNQrOXpH3r

    @ksg93rd

    27 Oct 2024

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. #exploit 1. CVE-2024-39205: Pyload RCE with js2py sandbox escape https://t.co/JCxNSOwPMB 2. CVE-2024-40431, CVE-2022-25477 - 25480: Vulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver) https://t.co/L3TC5IgWT9

    @un_exceptional

    27 Oct 2024

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. #exploit 1. CVE-2024-39205: Pyload RCE with js2py sandbox escape https://t.co/xPx0YWbXQ9 2. CVE-2024-40431, CVE-2022-25477 - 25480: Vulnerabilities in RtsPer.sys (Realtek SD Card Reader Driver) https://t.co/hP9Paw68cX 3. CVE-2024-1512: SQLI in MasterStudy LMS WP Plugin… https:/

    @akaclandestine

    27 Oct 2024

    1669 Impressions

    13 Retweets

    36 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-39205 CVE-2024-39205-Pyload-RCE Pyload RCE with js2py sandbox escape Summary Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell comm... https://t.co/ToiQgp92Cb

    @VulmonFeeds

    26 Oct 2024

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References