Medium severity5.3NVD Advisory· Published Jun 20, 2024· Updated Apr 15, 2026
CVE-2024-28397
CVE-2024-28397
Description
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
js2pyPyPI | <= 0.74 | — |
Affected products
5- osv-coords5 versionspkg:apk/chainguard/kubeflow-pipelines-visualization-serverpkg:apk/wolfi/kubeflow-pipelines-visualization-serverpkg:pypi/js2pypkg:rpm/opensuse/python-Js2Py&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-Js2Py&distro=openSUSE%20Tumbleweed
< 2.4.0-r0+ 4 more
- (no CPE)range: < 2.4.0-r0
- (no CPE)range: < 2.4.0-r0
- (no CPE)range: <= 0.74
- (no CPE)range: < 0.74-150400.9.6.1
- (no CPE)range: < 0.74-3.1
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-h95x-26f3-88hrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-28397ghsaADVISORY
- github.com/PiotrDabkowski/Js2Py/pull/323ghsaWEB
News mentions
0No linked articles in our index yet.