Go modules package
github.com/tiagorlampert/chaos
pkg:golang/github.com/tiagorlampert/chaos
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-33434 | Cri | 9.8 | < 0.0.0-20220716132853-b47438d36e3a | 0.0.0-20220716132853-b47438d36e3a | May 7, 2024 | An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sa | |
| CVE-2024-30850 | — | < 0.0.0-20220716132853-b47438d36e3a | 0.0.0-20220716132853-b47438d36e3a | Apr 12, 2024 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-33434. Reason: This record is a duplicate of CVE-2024-33434. Notes: All CVE users should reference CVE-2024-33434 instead of this record. All references and descriptions in this record have been removed to prevent | ||
| CVE-2024-31839 | — | <= 5.0.1 | — | Apr 12, 2024 | Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. |
- affected < 0.0.0-20220716132853-b47438d36e3afixed 0.0.0-20220716132853-b47438d36e3a
An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sa
- CVE-2024-30850Apr 12, 2024affected < 0.0.0-20220716132853-b47438d36e3afixed 0.0.0-20220716132853-b47438d36e3a
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-33434. Reason: This record is a duplicate of CVE-2024-33434. Notes: All CVE users should reference CVE-2024-33434 instead of this record. All references and descriptions in this record have been removed to prevent
- CVE-2024-31839Apr 12, 2024affected <= 5.0.1
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.