Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-24065— Command Injection

CVSS 8.1 · High EPSS 2.22% · P85
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-24065

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Command Injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cookiecutter 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cookiecutter是一个跨平台的命令行实用程序,可以从 cookiecutters(项目模板)创建项目,例如 Python 包项目、C 项目。 Cookiecutter 2.1.1之前版本存在操作系统命令注入漏洞,该漏洞源于容易通过hg参数进行命令注入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-cookiecutter unspecified ~ 2.1.1 -

II. Public POCs for CVE-2022-24065

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-24065

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-06-03 · 23 CVEs total

CVE-2022-211229.0 CRITICALArbitrary Code Execution
CVE-2021-42888TOTOLINK EX1200T 操作系统命令注入漏洞
CVE-2022-29767adbyby 安全漏洞
CVE-2022-32265qDecoder 安全特征问题漏洞
CVE-2022-32268StarWind SAN & NAS 安全漏洞
CVE-2022-32269RealNetworks Real Player 跨站脚本漏洞
CVE-2022-32271RealNetworks Real Player 跨站脚本漏洞
CVE-2022-32270RealNetworks Real Player 路径遍历漏洞
CVE-2021-42884TOTOLINK EX1200T 操作系统命令注入漏洞
CVE-2021-42885TOTOLINK EX1200T 操作系统命令注入漏洞
CVE-2021-42886TOTOLINK EX1200T 信息泄露漏洞
CVE-2021-42887TOTOLINK EX1200T 安全漏洞
CVE-2022-29784PublicCMS 信息泄露漏洞
CVE-2021-42889TOTOLINK EX1200T 访问控制错误漏洞
CVE-2021-42890TOTOLINK EX1200T 操作系统命令注入漏洞
CVE-2021-42891TOTOLINK EX1200T 访问控制错误漏洞
CVE-2021-42892TOTOLINK EX1200T 信任管理问题漏洞
CVE-2021-42893TOTOLINK EX1200T 访问控制错误漏洞
CVE-2021-43271Riverbed AppResponse 日志信息泄露漏洞
CVE-2022-29770XXL-JOB 跨站脚本漏洞

Showing top 20 of 23 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a

V. Comments for CVE-2022-24065

No comments yet

Leave a comment