Searchor CLI's Search vulnerable to Arbitrary Code using Eval
Critical severity
GitHub Reviewed
Published
Sep 24, 2023
in
ArjunSharda/Searchor
•
Updated Oct 9, 2024
Description
Published to the GitHub Advisory Database
Sep 25, 2023
Reviewed
Sep 25, 2023
Published by the National Vulnerability Database
Dec 12, 2023
Last updated
Oct 9, 2024
An issue in Arjun Sharda's Searchor before version v.2.4.2 allows an attacker to
execute arbitrary code via a crafted script to the eval() function in Searchor's src/searchor/main.py file, affecting the search feature in Searchor's CLI (Command Line Interface).
Impact
Versions equal to, or below 2.4.1 are affected.
Patches
Versions above, or equal to 2.4.2 have patched the vulnerability.
References
https://github.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection
https://github.com/nexis-nexis/Searchor-2.4.0-POC-Exploit-
https://github.com/jonnyzar/POC-Searchor-2.4.2
ArjunSharda/Searchor#130
References