What is CVE-2023-0297?

CVE-2023-0297 is a critical-severity vulnerability in Pyload Pyload/pyload, classified under Code Injection. CVSS score: 9.8/10. Published 2023-01-14.

How severe is CVE-2023-0297?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2023-0297 known to be exploited?

32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Pyload Pyload/pyload

CVE-2023-0297

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.934 (99.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Pyload Pyload/pyload — versions unspecified

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

bAuh0lz/CVE-2023-0297_Pre-auth_RCE_in_pyLoad
Small-ears/CVE-2023-0297
overgrowncarrot1/CVE-2023-0297
S4MY9/CVE-2023-0297
btar1gan/exploit_CVE-2023-0297
hazeyez/CVE-2023-0297
rapid7/metasploit-framework
Acaard/HTB-PC
CVEDB/PoC-List
CVEDB/top

References

huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65
github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d
packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html
packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html

Frequently asked questions

What is CVE-2023-0297?: CVE-2023-0297 is a critical-severity vulnerability in Pyload Pyload/pyload, classified under Code Injection. CVSS score: 9.8/10. Published 2023-01-14.
How severe is CVE-2023-0297?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2023-0297 known to be exploited?: 32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.