CVE-2026-4500
- Source
- https://cve.org/CVERecord?id=CVE-2026-4500
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4500.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-4500
- Published
- 2026-03-20T20:16:50.450Z
- Modified
- 2026-04-10T05:43:28.974912Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generatedf of the file backend/app/ai/codeexecution/code_execution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used. Upgrading to version 0.0.298 will fix this issue. The name of the patch is 47b20bcda31264635faff7f6b1c8095abe1861c6. It is recommended to upgrade the affected component.
- References
-
- https://vuldb.com/?ctiid.352065
- https://vuldb.com/?id.352065
- https://vuldb.com/?submit.773890
- https://github.com/bagofwords1/bagofwords/releases/tag/v0.0.298
- https://github.com/Ka7arotto/cve/blob/main/bagofwords-rce.md
- https://github.com/bagofwords1/bagofwords/
- https://github.com/bagofwords1/bagofwords/issues/60
- https://github.com/bagofwords1/bagofwords/pull/63
- https://github.com/bagofwords1/bagofwords/commit/47b20bcda31264635faff7f6b1c8095abe1861c6
Affected packages
Git / github.com/bagofwords1/bagofwords
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bagofwords1/bagofwords
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/bagofwords1/bagofwords
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.0.203
v0.0.204
v0.0.205
v0.0.210
v0.0.211
v0.0.212
v0.0.213
v0.0.214
v0.0.215
v0.0.216
v0.0.217
v0.0.218
v0.0.220
v0.0.240
v0.0.241
v0.0.242
v0.0.243
v0.0.244
v0.0.246
v0.0.247
v0.0.248
v0.0.249
v0.0.250
v0.0.251
v0.0.252
v0.0.254
v0.0.257
v0.0.259
v0.0.260
v0.0.261
v0.0.262
v0.0.263
v0.0.266
v0.0.267
v0.0.268
v0.0.269
v0.0.270
v0.0.271
v0.0.272
v0.0.273
v0.0.274
v0.0.275
v0.0.276
v0.0.277
v0.0.278
v0.0.279
v0.0.280
v0.0.282
v0.0.283
v0.0.284
v0.0.286
v0.0.288
v0.0.290
v0.0.291
v0.0.292
v0.0.293
v0.0.294
v0.0.295
v0.0.296
v0.0.297