Source code review to understand, exploit and mitigate command injection in find-exec (CVE-2023-40582)

CVEs

9.8 Critical Severity

Summary

In this post we review the source code of the find-exec package to locate the command injection vulnerability and to see how it was addressed in the updated version of the package. We also look at a PoC that exploits command injection in the vulnerable package versions.

Script link

Command Injection Vulnerability in find-exec

Description

@secatgourity
