{"vulnerability": "cve-2023-2249", "sightings": [{"uuid": "99a9e18c-8559-476c-937f-9f7cbeadd726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2249", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4565", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aExploit for CVE-2023-2249 in wpForo Forum plugin for WordPress\nURL\uff1ahttps://github.com/ixiacom/CVE-2023-2249\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-14T14:12:32.000000Z"}, {"uuid": "1bfcf435-81bf-40eb-8746-d768d26f6797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22491", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7129", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22491\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized.  The vulnerability is present in gatsby-transformer-remark when passing input in data mode (querying MarkdownRemark nodes via GraphQL).  Injected JavaScript executes in the context of the build server. To exploit this vulnerability untrusted/unsanitized input would need to be sourced by or added into a file processed by gatsby-transformer-remark. A patch has been introduced in `gatsby-transformer-remark@5.25.1` and `gatsby-transformer-remark@6.3.2` which mitigates the issue by disabling the `gray-matter` JavaScript Frontmatter engine. As a workaround, if an older version of `gatsby-transformer-remark` must be used, input passed into the plugin should be sanitized ahead of processing. It is encouraged for  projects to upgrade to the latest major release branch for all Gatsby plugins to ensure the latest security updates and bug fixes are received in a timely manner.\n\ud83d\udccf Published: 2023-01-13T18:05:00.273Z\n\ud83d\udccf Modified: 2025-03-11T13:34:01.261Z\n\ud83d\udd17 References:\n1. https://github.com/gatsbyjs/gatsby/security/advisories/GHSA-7ch4-rr99-cqcw", "creation_timestamp": "2025-03-11T13:39:44.000000Z"}, {"uuid": "ab174a4b-b6f0-4e8e-94de-6a1253dfbdd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22497", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/46406", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1athis is a poc for the CVE-2025-24893\nURL\uff1ahttps://github.com/AliElKhatteb/CVE-2023-22497-POC\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-08-03T11:11:27.000000Z"}, {"uuid": "f2efb672-20d1-4b10-bb3f-9eb9968b564c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22493", "type": "published-proof-of-concept", "source": "Telegram/3kjMLtWVSsmD2y1OzP7zGlpEhe6KWlREURwzXKH3eCeJgh0", "content": "", "creation_timestamp": "2025-07-31T03:00:05.000000Z"}, {"uuid": "d0a06448-e7f4-401c-9676-b7e90bd9096a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22491", "type": "seen", "source": "https://t.me/arpsyndicate/345", "content": "#ExploitObserverAlert\n\nCVE-2023-22491\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-22491. Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized.  The vulnerability is present in gatsby-transformer-remark when passing input in data mode (querying MarkdownRemark nodes via GraphQL).  Injected JavaScript executes in the context of the build server. To exploit this vulnerability untrusted/unsanitized input would need to be sourced by or added into a file processed by gatsby-transformer-remark. A patch has been introduced in `gatsby-transformer-remark@5.25.1` and `gatsby-transformer-remark@6.3.2` which mitigates the issue by disabling the `gray-matter` JavaScript Frontmatter engine. As a workaround, if an older version of `gatsby-transformer-remark` must be used, input passed into the plugin should be sanitized ahead of processing. It is encouraged for  projects to upgrade to the latest major release branch for all Gatsby plugins to ensure the latest security updates and bug fixes are received in a timely manner.\n\nFIRST-EPSS: 0.000450000\nNVD-IS: 2.7\nNVD-ES: 2.3", "creation_timestamp": "2023-11-22T10:59:16.000000Z"}, {"uuid": "d2d592b9-5acd-4419-b53c-128b7fdb5ba7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2249", "type": "seen", "source": "https://t.me/breachdetector/304100", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2023-2249: Wordpress Wpforo Eklentisi\", \n  \"author\": \" (SerasZen)\",\n  \"Detection Date\": \"22 Jul 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-07-22T19:32:28.000000Z"}, {"uuid": "f468e9a7-52ad-4728-8c19-63beaf59d198", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22494", "type": "seen", "source": "https://t.me/cibsecurity/56487", "content": "\u203c CVE-2023-22494 \u203c\n\na12nserver is an open source lightweight OAuth2 server. Users of a12nserver that use MySQL might be vulnerable to SQL injection bugs. If you use a12nserver and MySQL, update as soon as possible. This SQL injection bug might let an attacker obtain OAuth2 Access Tokens for users unrelated to those that permitted OAuth2 clients. The knex dependency has been updated to 2.4.0 in a12nserver 0.23.0. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-13T18:31:12.000000Z"}, {"uuid": "f4783938-1e52-4c16-b8a5-cc8216adbec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22499", "type": "seen", "source": "https://t.me/cibsecurity/56633", "content": "\u203c CVE-2023-22499 \u203c\n\nDeno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message. This situation impacts users who use Web Worker API and relied on interactive permission prompt. The reproduction is very timing sensitive and can\u00e2\u20ac\u2122t be reliably reproduced on every try. This problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers). The problem has been fixed in Deno v1.29.3; it is recommended all users update to this version. Users are advised to upgrade. Users unable to upgrade may run with --no-prompt flag to disable interactive permission prompts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T00:15:40.000000Z"}, {"uuid": "e1b8a150-64b7-4ef2-843c-1575800c7ff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22493", "type": "seen", "source": "https://t.me/cibsecurity/56488", "content": "\u203c CVE-2023-22493 \u203c\n\nRSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-13T18:31:13.000000Z"}]}