High severity 8.6 · OSV Advisory · Published Sep 18, 2024 · Updated Jun 17, 2026
CVE-2023-47105
Description
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/chaosblade-io/chaosblade (Go) | >= 0.0.3, < 1.7.4 | 1.7.4 |
Affected products
- Range: v0.10.0, v0.3.0, v0.4.0, …
References
- github.com/advisories/GHSA-723h-x37g-f8qm (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-47105 (ghsa, ADVISORY)
- github.com/chaosblade-io/chaosblade/blob/0a07380c9899febb2b544132783b376b44226cca/exec/os/executor.go (nvd, WEB)
- github.com/chaosblade-io/chaosblade/commit/6bc73c31e14ea2b1bfc30f359e1fe952859d9adc (ghsa, WEB)
- narrow-oatmeal-0c0.notion.site/ChaosBlade-Remote-Command-Execution-CVE-2023-47105-4f5459046488436caaec2bced6ff26d7 (nvd, WEB)