icon

We found results for “

CVE-2023-33965

Good to know:

icon

Date: June 1, 2023

Brook is a cross-platform programmable network tool. The "tproxy" server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local "tproxy" service leading to remote code execution. A patch is available in version 20230606.

Language: Go

Severity Score

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

Top Fix

icon

Upgrade Version

Upgrade to version github.com/txthinking/brook - v20230606

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us