{"uuid": "1ce274ba-3b27-4d6b-8e0a-d16da5a69a11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39943", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/1605", "content": "\ud83d\udea8PoC RELEASED\ud83d\udea8\"CVE-2024-39943 rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).\"\n\nhttps://x.com/DarkWebInformer/status/1809222291945095352\n\nhttps://github.com/truonghuuphuc/CVE-2024-39943-Poc", "creation_timestamp": "2024-07-05T22:38:10.000000Z"}