CVE-2023-36467

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jun 28, 2023

Updated: Jul 7, 2023

CWE ID 94

Summary

CVE-2023-36467 affects versions 1.2.0 through 1.5.1 of the AWS data.all framework, an open-source tool for building data marketplaces on Amazon Web Services. The vulnerability enables remote code execution when authenticated users inject Python commands into the 'Template' field during pipeline configuration. This issue can potentially lead to serious security consequences. Users are advised to upgrade to version 1.5.2 or later to mitigate the risk. No workarounds are currently recommended.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rzmjou
https://www.cve.org/CVERecord?id=CVE-2023-36467
https://nvd.nist.gov/vuln/detail/CVE-2023-36467

Back to Vulnerability Database

CVE-2023-36467

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations