NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2023-47105

Summary	exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.
Publication Date	Sept. 19, 2024, 2:15 a.m.
Registration Date	Sept. 19, 2024, 5 a.m.
Last Update	Sept. 20, 2024, 9:30 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/chaosblade-io/chaosblade/blob/0a07380c9899febb2b544132783b376b44226cca/exec/os/executor.go#L68
2	https://narrow-oatmeal-0c0.notion.site/ChaosBlade-Remote-Command-Execution-CVE-2023-47105-4f5459046488436caaec2bced6ff26d7

Common Vulnerabilities List