Arbitrary Command Injection Affecting github.com/1panel-dev/1panel/backend package, versions <1.3.6
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.1% (43rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOM1PANELDEV1PANELBACKEND-5756514
- published 6 Jul 2023
- disclosed 5 Jul 2023
- credit Unknown
Introduced: 5 Jul 2023
CVE-2023-36457 Open this link in a new tabHow to fix?
Upgrade github.com/1Panel-dev/1Panel/backend
to version 1.3.6 or higher.
Overview
Affected versions of this package are vulnerable to Arbitrary Command Injection. An authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories.
References
CVSS Scores
version 3.1