{"id":"CVE-2023-45158","details":"An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product.","modified":"2026-05-19T12:03:14.891768128Z","published":"2023-10-16T07:53:52.134Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45158.json","cna_assigner":"jpcert"},"references":[{"type":"WEB","url":"http://web2py.com/"},{"type":"WEB","url":"http://web2py.com/init/default/download"},{"type":"WEB","url":"https://jvn.jp/en/jp/JVN80476432/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45158.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45158"},{"type":"FIX","url":"https://github.com/web2py/web2py/commit/936e2260b0c34c44e2f3674a893e96d2a7fad0a3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/web2py/web2py","events":[{"introduced":"0"},{"fixed":"936e2260b0c34c44e2f3674a893e96d2a7fad0a3"}]}],"versions":["v2.24.1","v2.23.0","v2.22.5","R-2.22.4","v2.22.3","v2.22.2","v2.22.1","v2.21.1","v2.20.4","v2.20.3","v2.20.2","v2.20.1","v2.19.2","v2.19.1","2.19.1","R-2.18.5","2.18.4","R-2.18.3","R-2.18.2","R-2.17.2","R-2.17.1","R-2.16.1","R-2.15.4","R-2.15.3","R-2.15.2","R-2.15.1","R-2.15.0b2","R-2.16.0b1","latest","R-2.14.6","R-2.14.5","R-2.14.4","R-2.14.3","R-2.14.2","R-2.14.1","R-2.13.4","R-2.13.3","R-2.13.2","R-2.13.1","R-2.12.3","R-2.12.2","R-2.12.1","R-2.11.2","R-2.11.1","R-2.10.4","R-2.10.4.beta","R-2.10.3","R-2.10.2","R-2.10.1","R-2.9.12","R-2.9.11","R-2.9.10","R-2.9.9","R-2.9.8","R-2.9.7","R-2.9.6","R-2.9.5","R-2.9.4","R-2.9.3","R-2.9.2","R-2.8.2","R-2.8.1","R-2.7.4","R-2.7.3","R-2.7.2","R-2.7.1","R-2.6.4","R-2.6.3","R-2.6.2","R-2.6.1","R-2.5.1","R-2.4.7","R-2.4.6","R-2.4.5","R-2.4.4","R-2.4.3","R-2.4.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-45158.json"}}],"schema_version":"1.7.5"}