LOURC0D3

6 exploits. Active since May 2023
CVE-2024-34342 GITHUB HIGH python WORKING POC
react-pdf - RCE
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2.
191 stars
CVSS 7.1
CVE-2024-4367 NOMISEC HIGH WORKING POC
Mozilla Firefox < 115.11.0 - Improper Condition Check
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
191 stars
CVSS 8.8
CVE-2024-24787 NOMISEC MEDIUM WORKING POC
Go module with CGO - RCE
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
5 stars
CVSS 6.4
CVE-2023-32961 NOMISEC HIGH WRITEUP
Zotpress < 7.3.3 - XSS
Unauthenticated reflected Cross-Site Scripting (XSS) vulnerability in the Katie Seaborn Zotpress plugin, versions <= 7.3.3.
2 stars
CVSS 7.1
CVE-2024-39700 NOMISEC CRITICAL STUB
JupyterLab < 4.3.0 - Code Injection
JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created using this template with the `test` option include an `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. Users who made changes to `update-integration-tests.yml` should accept overwriting of this file and re-apply their changes afterwards. Users may wish to temporarily disable GitHub Actions while working on the upgrade. We recommend rebasing all open pull requests from untrusted users, as actions may run using the version from the `main` branch at the time when the pull request was created. Users who are upgrading from a template version prior to 4.3.0 may wish to leave out the proposed changes to the release workflow for now, as they require additional configuration.
1 star
CVSS 9.9
CVE-2023-29439 NOMISEC HIGH WRITEUP
Fooplugins Foogallery < 2.2.35 - XSS
Unauthenticated reflected Cross-Site Scripting (XSS) vulnerability in the FooPlugins FooGallery plugin, versions <= 2.2.35.
1 star
CVSS 7.1