CVE-2024-50636

Published: Nov 11, 2024

Modified: Nov 19, 2024

PUBLISHED

Description

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/schrodinger/pymol-open-source/issues/405

https://github.com/yamerooo123/CVE/blob/main/CVE-2024-50636/Description.md

https://youtu.be/SWnN_a1tUNc

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-50636

Description

Affected Products

References