I. Basic Information for CVE-2024-28397
Vulnerability Information


Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Js2Py Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
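Js2Py is a library from the Python Foundation, used to translate JavaScript into Python code. Js2Py 0.74 and earlier contain a security vulnerability that stems from an issue in the component js2py.disable_pyimport(); an attacker can exploit it to execute arbitrary code via a crafted API call.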
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2024-28397
| # | POC Description | Source Link |
|---|---|---|
| 1 | to be released | https://github.com/Marven11/CVE-2024-28397 |
| 2 | CVE-2024-28397: js2py sandbox escape, bypass pyimport restriction. | https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape |
| 3 | None | https://github.com/CYBER-WARRIOR-SEC/CVE-2024-28397-js2py-Sandbox-Escape |
| 4 | An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-28397.yaml |
| 5 | This vulnerability arises from incomplete sandboxing in js2py, where crafted JavaScript can traverse Python’s internal object model and access dangerous classes like subprocess.Popen, leading to arbitrary command execution. | https://github.com/waleed-hassan569/CVE-2024-28397-command-execution-poc |
| 6 | The CVE-2024-28397 vulnerability affects versions of js2py up to v0.74, a Python library that allows JavaScript code to be executed within the Python interpreter. | https://github.com/0timeday/exploit-js2py |
| 7 | None | https://github.com/harutomo-jp/CVE-2024-28397-RCE |
| 8 | None | https://github.com/Naved124/CVE-2024-28397-js2py-Sandbox-Escape |
| 9 | The CVE-2024-28397 vulnerability affects versions of js2py up to v0.74, a Python library that allows JavaScript code to be executed within the Python interpreter. | https://github.com/releaseown/exploit-js2py |
| 10 | PoC exploit for CVE-2024-28397 – Remote Code Execution in pyload-ng via js2py sandbox escape | https://github.com/ExtremeUday/Remote-Code-Execution-CVE-2024-28397-pyload-ng-js2py- |
| 11 | This repository contains a python exploit code for CVE-2024-28397 intended for use on the "CodePartTwo" machine on Hack The Box (HTB). | https://github.com/naclapor/CVE-2024-28397 |
| 12 | None | https://github.com/0xDTC/js2py-Sandbox-Escape-CVE-2024-28397-RCE |
| 13 | This repository contains a Proof of Concept (PoC) for CVE-2024-28397, a vulnerability in the js2py library allowing a sandbox escape to achieve remote code execution. | https://github.com/nelissandro/CVE-2024-28397-Js2Py-RCE |
| 14 | CVE-2024-28397 - Remote Code Execution From Vulnerable JS2PY | https://github.com/vitaciminIPI/CVE-2024-28397-RCE |
| 15 | This vulnerability arises from incomplete sandboxing in js2py, where crafted JavaScript can traverse Python’s internal object model and access dangerous classes like subprocess.Popen, leading to arbitrary command execution. | https://github.com/Ghost-Overflow/CVE-2024-28397-command-execution-poc |
| 16 | Reverse shell for CVE-2024-28397. | https://github.com/0xPadme/CVE-2024-28397-Reverse-Shell |
| 17 | This repository contains a Proof of Concept (PoC) for CVE-2024-28397, a vulnerability in the js2py library allowing a sandbox escape to achieve remote code execution. | https://github.com/D3ltaFormation/CVE-2024-28397-Js2Py-RCE |
| 18 | A Python automation script for exploiting the **js2py Sandbox Escape** vulnerability (CVE-2024-28397). This tool automates the payload generation and delivery process to achieve Remote Code Execution (RCE) on vulnerable instances. | https://github.com/L1337Xi/CVE-2024-28397-Exploit-Automation |
| 19 | This vulnerability arises from incomplete sandboxing in js2py, where crafted JavaScript can traverse Python’s internal object model and access dangerous classes like subprocess.Popen, leading to arbitrary command execution. | https://github.com/GhostOverflow/CVE-2024-28397-command-execution-poc |
| 20 | js2py <= 0.74 sandbox escape (CVE-2024-28397) | https://github.com/3z-p0wn/CVE-2024-28397-exploit |
| 21 | Professional exploit for CVE-2024-28397: Js2Py Sandbox Escape leading to Remote Code Execution (RCE). Includes modular payload generation. | https://github.com/xeloxa/CVE-2024-28397-Js2Py-RCE-Exploit |