CVE-2018-8097

CRITICAL

Eve <0.7.5 - Code Injection

Title source: llm

Description

io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.

Exploits (2)

nomisec WORKING POC 1 stars
by SilentVoid13 · poc
https://github.com/SilentVoid13/CVE-2018-8097
nomisec WORKING POC
by StellarDriftLabs · poc
https://github.com/StellarDriftLabs/CVE-2018-8097-PoC

References (2)

Scores

CVSS v3 9.8
EPSS 0.1911
EPSS Percentile 95.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (2)
pypi/eve 0 - 0.7.5PyPI
python-eve/eve < 0.7.5
Published Mar 14, 2018
Tracked Since Feb 18, 2026