CVE-2023-24108: Code Injection

February 22, 2023 (updated March 2, 2023)

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.

References

github.com/zetacomponents/MvcTools/
github.com/zetacomponents/MvcTools/issues/12
mirrors.neusoft.edu.cn/pypi/web/simple/request/
nvd.nist.gov/vuln/detail/CVE-2023-24108

Code Behaviors & Features

Detect and mitigate CVE-2023-24108 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →