Vulnerability Details CVE-2023-24107
hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.1%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/jminh/hour_of_code_python_2015/
- https://github.com/jminh/hour_of_code_python_2015/issues/4
- https://mirrors.neusoft.edu.cn/pypi/web/simple/request/
- https://github.com/jminh/hour_of_code_python_2015/
- https://github.com/jminh/hour_of_code_python_2015/issues/4
- https://mirrors.neusoft.edu.cn/pypi/web/simple/request/
Products affected by CVE-2023-24107
-
cpe:2.3:a:hour_of_code_python_2015_project:hour_of_code_python_2015:2015-12-11