CVE-2023-6507
PUBLISHED
Groups not dropped before running subprocess when using empty 'extra_groups' parameter
EPSS 0.08% · 24.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | libpython | 3.12.0 |
| Bitnami | python | 3.12.0 |
| Bitnami | python-min | 3.12.0 |
Exploit Intelligence
- CIRCL seen: CVE-2023-6507 (circl-sighting)
- https://github.com/python/cpython/issues/112334 (circl)
- https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/ (circl)
- https://github.com/python/cpython/commit/9fe7655c6ce0b8e9adc229daf681b6d30e6b1610 (circl)
- https://github.com/python/cpython/commit/10e9bb13b8dcaa414645b9bd10718d8f7179e82b (circl)
- https://github.com/python/cpython/commit/85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06 (circl)
- cve_test.go (github-poc)
- cve_test.go (github-poc)
- cve_test.go (github-poc)
- cve_test.go (github-poc)
…and 14 more exploits
Timeline
- Dec 8, 2023 CVE Published
- Dec 9, 2023 EPSS Score
- Dec 31, 2023 PoC Published
- Jan 7, 2024 EPSS Score
- Feb 6, 2024 EPSS Score
- Mar 6, 2024 EPSS Score
- Apr 4, 2024 EPSS Score
- May 4, 2024 EPSS Score
- Jun 2, 2024 EPSS Score
- Jul 2, 2024 EPSS Score
- Aug 30, 2024 EPSS Score
- Sep 28, 2024 EPSS Score
References
- https://github.com/python/cpython/commit/10e9bb13b8dcaa414645b9bd10718d8f7179e82b
- https://github.com/python/cpython/commit/85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06
- https://github.com/python/cpython/commit/9fe7655c6ce0b8e9adc229daf681b6d30e6b1610
- https://github.com/python/cpython/issues/112334
- https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/
- https://nvd.nist.gov/vuln/detail/CVE-2023-6507