@syphonetic
Last active March 26, 2026 03:03
CVE-2026-30352 - AutoForge Remote Code Execution via crafted command parameter
[Description]
A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code by supplying a crafted command parameter.
------------------------------------------
[Additional Information]
https://github.com/leonvanzyl/autocoder
------------------------------------------
[VulnerabilityType Other]
Remote Code Execution
------------------------------------------
[Vendor of Product]
leonvanzyl
------------------------------------------
[Affected Product Code Base]
Autocoder - 79d02a1410ef2d2c64f84e883be10a9a7105e744
------------------------------------------
[Affected Component]
POST /api/projects/{project}/devserver/start
PATCH /api/projects/{project}/devserver/config
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Attack Vectors]
A remote attacker with network access to the devserver API can start a dev server with an attacker-controlled command (or persist a malicious custom command), resulting in arbitrary OS command execution.
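The mitigation this class of issue calls for, shown as an added example that is not autocoder's code: every `command` value, whether submitted to the start endpoint or persisted through the config endpoint, is tokenised and compared whole against a fixed allowlist, and the accepted argv is launched without a shell. The allowlist contents, the function names and the `store` dict are assumptions for illustration.

```python
"""Allowlist-based handling of a dev-server 'command' parameter.

Added example, not the project's code. Assumes the API receives a
'command' string such as "npm run dev" and that only a fixed set of
dev-server launch commands should ever be executed for a project.
"""
import shlex
import subprocess

# Constructed allowlist: the exact argument vectors the service may launch.
ALLOWED_COMMANDS = {
    ("npm", "run", "dev"),
    ("npm", "start"),
    ("pnpm", "dev"),
    ("yarn", "dev"),
    ("python", "manage.py", "runserver"),
}


class CommandRejected(ValueError):
    """Raised when a requested command is not on the allowlist."""


def validate_devserver_command(command: str) -> tuple:
    """Return the argv tuple for an allowlisted command, else raise.

    Tokenising with shlex and comparing the whole argv against the allowlist
    means shell operators (';', '&&', '|', redirections) and extra arguments
    never reach a shell: they simply fail the membership test.
    """
    if not isinstance(command, str) or len(command) > 200:
        raise CommandRejected("command must be a short string")
    try:
        argv = tuple(shlex.split(command))
    except ValueError as exc:  # unbalanced quotes and similar parse errors
        raise CommandRejected(f"unparseable command: {exc}") from exc
    if argv not in ALLOWED_COMMANDS:
        raise CommandRejected(f"command not permitted: {command!r}")
    return argv


def start_devserver(command: str, project_dir: str) -> subprocess.Popen:
    """Start-endpoint handler: launch only an allowlisted argv, shell=False."""
    argv = validate_devserver_command(command)
    return subprocess.Popen(list(argv), cwd=project_dir)


def save_custom_command(command: str, store: dict) -> str:
    """Config-endpoint handler: validate before persisting, so a stored
    command can never be launched later without having passed the check."""
    normalised = " ".join(validate_devserver_command(command))
    store["devserver_command"] = normalised
    return normalised
```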
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Reference]
http://autocoder.com
http://leonvanzyl.com
https://github.com/leonvanzyl/autocoder