CVE-2024-28397
CVE-2024-28397
Vexday Risk Score
48Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 5.3EPSS 4.5%KEV nãoPoC públicaNuclei simMetasploit simPatch —
Ciclo de vida
19 jun 2024PoC pública
20 jun 2024Publicada en NVD
28 oct 2024Exploit Metasploit disponible
Recomendación: Planificar corrección próxima — ya existe PoC pública.
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Productos afectados
n/a · n/aPoCs públicas encontradas — 17
githubgithub.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape★ 72githubgithub.com/naclapor/CVE-2024-28397★ 12githubgithub.com/GhostOverflow/CVE-2024-28397-command-execution-poc★ 5githubgithub.com/L1337Xi/CVE-2024-28397-Exploit-Automation★ 2githubgithub.com/xeloxa/CVE-2024-28397-Js2Py-RCE-Exploit★ 2githubgithub.com/s0m1s0ng/CVE-2024-28397-Reverse-Shell★ 1githubgithub.com/releaseown/exploit-js2py★ 1githubgithub.com/harutomo-jp/CVE-2024-28397-RCE★ 1githubgithub.com/0xDTC/js2py-Sandbox-Escape-CVE-2024-28397-RCE★ 0githubgithub.com/CYBER-WARRIOR-SEC/CVE-2024-28397-js2py-Sandbox-Escape★ 0githubgithub.com/Naved124/CVE-2024-28397-js2py-Sandbox-Escape★ 0githubgithub.com/ExtremeUday/Remote-Code-Execution-CVE-2024-28397-pyload-ng-js2py-★ 0githubgithub.com/D3ltaFormation/CVE-2024-28397-Js2Py-RCE★ 0githubgithub.com/vitaciminIPI/CVE-2024-28397-RCE★ 0githubgithub.com/3z-p0wn/CVE-2024-28397-exploit★ 0githubgithub.com/y0naldez/CVE-2024-28397-Js2Py-RCE★ 0exploitdbwww.exploit-db.com/exploits/52532no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →