You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: website/source/content/docs/collection/_index.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,17 +8,6 @@ bookCollapseSection: true
8
8
9
9
A curated dataset of confirmed vulnerable Python packages with proof-of-concept exploits. This page combines the **assigned CVEs** and the **end-to-end exploitation walkthroughs**. The full list of 76 confirmed cases lives on the [Catalog]({{< relref "catalog" >}}) page.
10
10
11
-
## End-to-end exploitation walkthroughs
12
-
13
-
Each page below walks through the full exploitation chain: the vulnerable function, the pollution payload, the trigger, and the resulting consequence.
14
-
15
-
-[Azure CLI]({{< relref "showcases/azure-cli" >}}) - Token Leakage and OS Command Injection through `set_properties`.
16
-
-[ComfyUI]({{< relref "showcases/comfyui" >}}) - DoS through reflective attribute setting.
17
-
-[django-unicorn]({{< relref "showcases/django-unicorn" >}}) - DoS, XSS, Auth Bypass, and RCE through a single WebSocket message.
18
-
-[Mesop]({{< relref "showcases/mesop" >}}) - DoS and Remote Execution through reflective dataclass update.
19
-
-[ragflow]({{< relref "showcases/ragflow" >}}) - Class pollution via reflective attribute setting.
20
-
-[Taipy]({{< relref "showcases/taipy" >}}) - DoS, XSS, RCE, and Token Leakage through `_attrsetter`.
21
-
22
11
## Assigned CVEs
23
12
24
13
The CVE table lists every advisory issued for class pollution, both from this work and from prior research.
@@ -37,3 +26,14 @@ The CVE table lists every advisory issued for class pollution, both from this wo
37
26
|[CVE-2024-5452](https://nvd.nist.gov/vuln/detail/CVE-2024-5452)| deepdiff (prior work) | DoS |[diogotcorreia](https://github.com/qlustered/deepdiff/security/advisories/GHSA-mw26-5g2v-hqw3)| Fixed |
38
27
39
28
</div>
29
+
30
+
## End-to-end exploitation walkthroughs
31
+
32
+
Each page below walks through the full exploitation chain: the vulnerable function, the pollution payload, the trigger, and the resulting consequence.
33
+
34
+
-[Azure CLI]({{< relref "showcases/azure-cli" >}}) - Token Leakage and OS Command Injection through `set_properties`.
35
+
-[ComfyUI]({{< relref "showcases/comfyui" >}}) - DoS through reflective attribute setting.
36
+
-[django-unicorn]({{< relref "showcases/django-unicorn" >}}) - DoS, XSS, Auth Bypass, and RCE through a single WebSocket message.
37
+
-[Mesop]({{< relref "showcases/mesop" >}}) - DoS and Remote Execution through reflective dataclass update.
38
+
-[ragflow]({{< relref "showcases/ragflow" >}}) - Class pollution via reflective attribute setting.
39
+
-[Taipy]({{< relref "showcases/taipy" >}}) - DoS, XSS, RCE, and Token Leakage through `_attrsetter`.
0 commit comments