CVE-2024-28397 PoC — Js2Py 安全漏洞

Source

https://github.com/vitaciminIPI/CVE-2024-28397-RCE

Associated Vulnerability

Title:Js2Py 安全漏洞 (CVE-2024-28397)
Description:Js2Py是Python基金会的一个库。用于将 JavaScript 转换为 Python 代码。 Js2Py 0.74 及之前版本存在安全漏洞，该漏洞源于组件 js2py.disable_pyimport() 中存在一个问题，攻击者利用该漏洞可以通过精心设计的 API 调用执行任意代码。

Description

CVE-2024-28397 - Remote Code Execution From Vulnerable JS2PY

Readme

# CVE-2024-28397-RCE
CVE-2024-28397 - Remote Code Execution From Vulnerable JS2PY

Usage: python3 exploit.py

File Snapshot


 [4.0K]  /data/pocs/7cee6ff2881c21baa8750541cbad37cfb6b3ba89
├── [1.7K]  exploit.py
└── [ 109]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!