{"vulnerability": "CVE-2024-23346", "sightings": [{"uuid": "f1a144f2-c39a-42cd-979b-a88b252bf95e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9362", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis is an exploit for chemistry Hack the Box machines that automates a \\\"terminal\\\" enviornment using CVE-2024-23346\nURL\uff1ahttps://github.com/MAWK0235/CVE-2024-23346\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-09T22:36:23.000000Z"}, {"uuid": "fe7ab77c-a362-45b1-bc1e-f56759979ca1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lmteau4rtd2g", "content": "", "creation_timestamp": "2025-04-15T05:36:42.705285Z"}, {"uuid": "0028525d-efd2-4aea-96b4-92b164dd9240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmxigyn5dv2h", "content": "", "creation_timestamp": "2025-04-16T21:02:24.108203Z"}, {"uuid": "038c8bc4-bdb9-4d22-9905-308918591de8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/writeup_ctf/321", "content": "\u0421\u0434\u0435\u043b\u0430\u043b \u0440\u0430\u0439\u0442\u0430\u043f \u043d\u0430 \u043d\u043e\u0432\u0443\u044e \u0442\u0430\u0447\u043a\u0443 \u0448\u0435\u0441\u0442\u043e\u0433\u043e \u0441\u0435\u0437\u043e\u043d\u0430 hackthebox (Chemistry Season6).\n\u0418\u043b\u0438, \u043a\u0430\u043a \u0433\u043e\u0432\u043e\u0440\u0438\u0442 YandexGPT \"\u0420\u0435\u0448\u0438\u043b \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u0443\u044e \u0440\u0430\u0431\u043e\u0442\u0443 \u043f\u043e \u0445\u0438\u043c\u0438\u0438 HTB\" \n\n\u0418\u0437 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0433\u043e, \u0432 \u0442\u0430\u0447\u043a\u0435 \u0431\u044b\u043b\u0430 RCE \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 CIF (Crystallographic Information File) - CVE-2024-23346\n\u0438 LFI \u0432 aiohttp - CVE-2024-23334. \n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0435 \u0448\u0430\u0433\u0438 \u043f\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044e \u0442\u0430\u0447\u043a\u0438 \u0442\u0443\u0442:\nhttps://pentestnotes.ru/ru/writeups/hackthebox/chemistry-htb-writeup/", "creation_timestamp": "2024-10-21T16:17:28.000000Z"}, {"uuid": "f79cc2cf-135c-4afd-836b-7646fb8e0d49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8937", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aDeveloped PoC for pymatgen &lt;= 2024.2.8 Insecure Deserialization RCE\nURL\uff1ahttps://github.com/bluetoothStrawberry/CVE-2024-23346_poc\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-11-02T19:43:36.000000Z"}, {"uuid": "84475602-2b44-4f76-b114-15ad773d2705", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/45234", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aPoC exploit and vulnerable server demo for CVE-2025-1302 in jsonpath-plus.\nURL\uff1ahttps://github.com/DAVIDAROCA27/CVE-2024-23346-exploit\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-07-24T18:23:12.000000Z"}, {"uuid": "8ce73b08-dd61-43b0-a240-44fbd6574e36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/681", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aDeveloped PoC for pymatgen &lt;= 2024.2.8 Insecure Deserialization RCE\nURL\uff1ahttps://github.com/bluetoothStrawberry/CVE-2024-23346_poc\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-11-05T20:57:53.000000Z"}, {"uuid": "ae3a56e3-162e-4fb5-bd1c-7761beaf5bdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "Telegram/iNFvofcejHT1UJTcFqWUlfDrh8sGhUnP2aFNlTJXmorFBwHU", "content": "", "creation_timestamp": "2025-02-06T02:44:21.000000Z"}, {"uuid": "73a55c0c-c170-4169-a50a-3ff5ce6e8da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://t.me/arpsyndicate/4023", "content": "#ExploitObserverAlert\n\nCVE-2024-23346\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-23346. Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.", "creation_timestamp": "2024-02-22T19:51:58.000000Z"}, {"uuid": "5e47f391-815a-4ae5-9e3d-fe7e3061ae47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://t.me/ctinow/206497", "content": "https://ift.tt/7VxrJHd\nCVE-2024-23346 | materialsproject pymatgen prior 2024.2.20 from_transformation_str command injection", "creation_timestamp": "2024-03-13T09:41:26.000000Z"}, {"uuid": "2a41ee52-584f-48b5-ad4a-c241f5f7fa95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://t.me/ctinow/189911", "content": "https://ift.tt/gnASYcD\nCVE-2024-23346", "creation_timestamp": "2024-02-21T18:36:14.000000Z"}, {"uuid": "d2904502-510d-4ed9-9f70-5553d4d2c7fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23346", "type": "seen", "source": "https://t.me/ctinow/189897", "content": "https://ift.tt/gnASYcD\nCVE-2024-23346", "creation_timestamp": "2024-02-21T18:31:23.000000Z"}]}