add CVE-2023-41105
parent 368fc95951
commit b81b1427cb
|
@ -0,0 +1,5 @@
|
||||||
|
import os.path
|
||||||
|
os.path.normpath('hello\x00world')
|
||||||
|
# this should ouput 'hello\x00world'
|
||||||
|
os.path.normpath('\x00hello')
|
||||||
|
# this should output '\x00hello'
|
|
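Review bot: Both os.path.normpath() calls discard their return value, so running this file prints nothing and the expectations written in the two comments are never checked. Print the repr() of each result, or better, assert that each result equals its input ('hello\x00world' and '\x00hello'), so the script fails visibly on an interpreter that returns anything else. The first comment also has a typo: "ouput" should be "output".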
@ -0,0 +1,21 @@
|
||||||
|
# Python Vulnerability in NetApp Products
|
||||||
|
Date: 2023-11-07
|
||||||
|
Exploit Author: Seth Larson
|
||||||
|
Vendor Homepage: https://github.com/python/cpython
|
||||||
|
Software Link: https://github.com/abersheeran/rpc.py
|
||||||
|
Version: Python 3.11.0 to 3.11.4
|
||||||
|
Tested on: Python 3.11.3 (main, Jun 5 2023, 09:32:32) [GCC 13.1.1 20230429] on linux
|
||||||
|
CVE : CVE-2023-41105
|
||||||
|
|
||||||
|
# Usage
|
||||||
|
```
|
||||||
|
python CVE-2023-41105.py
|
||||||
|
```
|
||||||
|
|
||||||
|
# reference
|
||||||
|
https://github.com/python/cpython/issues/106242
|
||||||
|
https://github.com/python/cpython/pull/107981
|
||||||
|
https://github.com/python/cpython/pull/107982
|
||||||
|
https://github.com/python/cpython/pull/107983
|
||||||
|
https://mail.python.org/archives/list/security-announce%40python.org/thread/D...
|
||||||
|
https://security.netapp.com/advisory/ntap-20231006-0015/
|
|
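Review bot: The Software Link field points at https://github.com/abersheeran/rpc.py, which matches nothing else in this file: the Vendor Homepage and four of the six references are python/cpython, and the Version and Tested on lines describe the Python interpreter itself. Point the link at the CPython source or release that is actually affected. The title names NetApp products while the rest of the header describes CPython, so a title that names the Python component would be clearer, and the security-announce URL is cut off at "thread/D...", so it cannot be followed as written. The Usage section would also benefit from stating what output to expect on an affected and on a fixed interpreter.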
@ -0,0 +1,24 @@
|
||||||
|
id: CVE-2023-41105
|
||||||
|
source: https://github.com/python/cpython/issues/106242
|
||||||
|
info:
|
||||||
|
name: Python Vulnerability in NetApp Products
|
||||||
|
severity: critical
|
||||||
|
description:
|
||||||
|
Multiple NetApp products incorporate Python. Python versions prior to 3.11 through 3.11.4 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data.
|
||||||
|
scope-of-influence:
|
||||||
|
Versions 9.8, 9.10 and 9.11 are not affected; versions 9.12 and 9.13 are affected.
|
||||||
|
reference:
|
||||||
|
- https://github.com/python/cpython/issues/106242
|
||||||
|
- https://github.com/python/cpython/pull/107981
|
||||||
|
- https://github.com/python/cpython/pull/107982
|
||||||
|
- https://github.com/python/cpython/pull/107983
|
||||||
|
- https://mail.python.org/archives/list/security-announce%40python.org/thread/D...
|
||||||
|
- https://security.netapp.com/advisory/ntap-20231006-0015/
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cve-id: CVE-2023-41105
|
||||||
|
cwe-id: None
|
||||||
|
cnvd-id: None
|
||||||
|
kve-id: None
|
||||||
|
tags: Source Codes Read
|
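Review bot: severity is set to critical, but cvss-score is 7.5 and the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N falls in the CVSS 3.1 High band (7.0 to 8.9); set severity to high or explain why the entry rates it above its own score. The description's range "prior to 3.11 through 3.11.4" is self-contradictory and should be written as an explicit lower and upper bound. The scope-of-influence line lists versions 9.8 through 9.13 without naming the product they belong to, and the security-announce reference is truncated at "thread/D...", so it does not resolve.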