{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T01:14:04.991","vulnerabilities":[{"cve":{"id":"CVE-2023-45158","sourceIdentifier":"vultures@jpcert.or.jp","published":"2023-10-16T08:15:09.990","lastModified":"2024-11-21T08:26:27.417","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product."},{"lang":"es","value":"Existe una vulnerabilidad de inyección de comandos del Sistema Operativo en web2py 2.24.1 y versiones anteriores. Cuando el producto está configurado para utilizar notifySendHandler para el registro (no la configuración predeterminada), una solicitud web manipulada puede ejecutar un comando arbitrario del sistema operativo en el servidor web que utiliza el producto."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:web2py:web2py:*:*:*:*:*:*:*:*","versionEndIncluding":"2.24.1","matchCriteriaId":"804767C1-58E1-4770-88B5-08E840011736"}]}]}],"references":[{"url":"http://web2py.com/","source":"vultures@jpcert.or.jp","tags":["Product"]},{"url":"http://web2py.com/init/default/download","source":"vultures@jpcert.or.jp","tags":["Product"]},{"url":"https://github.com/web2py/web2py/commit/936e2260b0c34c44e2f3674a893e96d2a7fad0a3","source":"vultures@jpcert.or.jp","tags":["Patch"]},{"url":"https://jvn.jp/en/jp/JVN80476432/","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory"]},{"url":"http://web2py.com/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"http://web2py.com/init/default/download","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://github.com/web2py/web2py/commit/936e2260b0c34c44e2f3674a893e96d2a7fad0a3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://jvn.jp/en/jp/JVN80476432/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}