CVE-2024-28397

Publication date 20 June 2024

Last updated 11 July 2025


Ubuntu priority

CVSS 3 Severity Score

5.3 · Medium


Description

An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.


Status

Package              Ubuntu Release    Status
python-cloudscraper  25.10 questing    Needs evaluation
python-cloudscraper  25.04 plucky      Ignored (end of life, was needs-triage)
python-cloudscraper  24.10 oracular    Ignored (end of life, was needs-triage)
python-cloudscraper  24.04 LTS noble   Needs evaluation
python-cloudscraper  23.10 mantic      Not in release
python-cloudscraper  22.04 LTS jammy   Not in release
python-cloudscraper  20.04 LTS focal   Not in release

Notes


rodrigo-zaiden: python-cloudscraper includes js2py interpreter

Severity score breakdown

Parameter            Value
Base score           5.3 · Medium
Attack vector        Local
Attack complexity    Low
Privileges required  Low
User interaction     None
Scope                Unchanged
Confidentiality      Low
Integrity impact     Low
Availability impact  Low
Vector               CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
