Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-36467

Published: 28/06/2023 Updated: 07/07/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 up to and including 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended work around.

Vulnerable Product Search on Vulmon Subscribe to Product

amazon aws-dataall

References

CWE-94https://github.com/awslabs/aws-dataall/security/advisories/GHSA-m922-chh7-8qcrhttps://github.com/awslabs/aws-dataall/releases/tag/v1.5.4https://github.com/awslabs/aws-dataall/pull/472https://github.com/awslabs/aws-dataall/releases/tag/v1.5.2https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310CVE-2024-21683CVE-2024-22187chromedeserializationXPath injectionCVE-2024-27842denial of serviceCVE-2024-24851googleCVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook