Vulnerabilities > CVE-2023-24107 - Unspecified vulnerability in Hour of Code Python 2015 Project Hour of Code Python 2015 20151211

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

hour-of-code-python-2015-project

critical

NVD

Published: 2023-02-22

Updated: 2023-03-02

Summary

hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Hour_Of_Code_Python_2015_Project Hour OF Code Python 2015 Project Hour OF Code Python 2015 2015-12-11	1

References

https://github.com/jminh/hour_of_code_python_2015/
https://mirrors.neusoft.edu.cn/pypi/web/simple/request/
https://github.com/jminh/hour_of_code_python_2015/issues/4