Henryk Plötz on Nostr: Today's entry in "Wow, that's a Bullshit CVE": ...
Today's entry in "Wow, that's a Bullshit CVE": https://www.exploit-db.com/exploits/46386
Basically, if you evaluate remote user input as code, the remote user can execute code. *shockedpikachuface*
I would like to point out that CVEs define publicly known vulnerabilities in publicly released software packages. So if the guy/gal wants to publicly release their "example code" as a software package, they could get a CVE for *that*. But not for the code eval function they misused.