LOURC0D3

6 exploits Active since May 2023
CVE-2024-34342 GITHUB HIGH python WORKING POC
react-pdf <7.7.3 and 8.0.0-8.0.2 - PDF.js JavaScript Execution
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2.
191 stars
CVSS 7.1
CVE-2024-4367 NOMISEC HIGH WORKING POC
Firefox < 126 and ESR < 115.11 - Arbitrary JavaScript Execution in PDF.js via Missing Type Check
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
191 stars
CVSS 8.8
CVE-2024-24787 NOMISEC MEDIUM WORKING POC
Go cmd/go 1.21.10 and 1.22.0-1.22.3 - Code Execution via CGO LDFLAGS
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
5 stars
CVSS 6.4
CVE-2023-32961 NOMISEC HIGH WRITEUP
Zotpress <= 7.3.3 - Unauthenticated Reflected Cross-Site Scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.3 versions.
2 stars
CVSS 7.1
CVE-2024-39700 NOMISEC CRITICAL STUB
JupyterLab < 4.3.0 - Remote Code Execution via GitHub Actions Workflow
JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. Users who made changes to `update-integration-tests.yml`, accept overwriting of this file and re-apply your changes later. Users may wish to temporarily disable GitHub Actions while working on the upgrade. We recommend rebasing all open pull requests from untrusted users as actions may run using the version from the `main` branch at the time when the pull request was created. Users who are upgrading from template version prior to 4.3.0 may wish to leave out proposed changes to the release workflow for now as it requires additional configuration.
1 stars
CVSS 9.9
CVE-2023-29439 NOMISEC HIGH WRITEUP
FooPlugins FooGallery <= 2.2.35 - Unauthenticated Reflected Cross-Site Scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions.
1 stars
CVSS 7.1