Arbitrary Code Execution Affecting web2py package, versions [0,]
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
2.06% (90th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-WEB2PY-5883032
- published 6 Sep 2023
- disclosed 14 May 2022
- credit shaolin-tw
Introduced: 14 May 2022
CVE-2016-3953 Open this link in a new tabHow to fix?
A fix was pushed into the master
branch but not yet published.
Overview
Affected versions of this package are vulnerable to Arbitrary Code Execution via the hardcoded encryption key when calling the session.connect
function.
References
CVSS Scores
version 3.1