CVE-2024-30850

Description

A remote attacker can execute arbitrary commands via crafted HTTP requests.

How to fix CVE-2024-30850

To remediate CVE-2024-30850, upgrade the affected package to a fixed version below.

• Go/github.com/tiagorlampert/CHAOS—upgrade to 0.0.0-20220716132853-b47438d36e3a or later
• Go/github.com/tiagorlampert/CHAOS—upgrade to 0.0.0-20220716132853-b47438d36e3a or later
• Go/github.com/tiagorlampert/CHAOS—upgrade to 0.0.0-20220716132853-b47438d36e3a or later

Is CVE-2024-30850 being exploited?

No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2024-30850.

Affected packages (3)

• from 0, < 0.0.0-20220716132853-b47438d36e3a
• from 0, < 0.0.0-20220716132853-b47438d36e3a
• from 0, < 0.0.0-20220716132853-b47438d36e3a

CVSS scores

References (10)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-30850
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-33434
• PATCHgithub.com/tiagorlampert/CHAOS
• WEBblog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents