{"id":"CVE-2023-33965","summary":"Brook's tproxy server is vulnerable to a drive-by command injection.","details":"Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606.","aliases":["GHSA-vfrj-fv6p-3cpf"],"modified":"2026-04-02T09:02:21.463588Z","published":"2023-06-01T14:10:54.644Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33965.json","cwe_ids":["CWE-78"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33965.json"},{"type":"ADVISORY","url":"https://github.com/txthinking/brook/security/advisories/GHSA-vfrj-fv6p-3cpf"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33965"},{"type":"FIX","url":"https://github.com/txthinking/brook/commit/314d7070c37babf6c38a0fe1eada872bb74bf03e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/txthinking/brook","events":[{"introduced":"0"},{"fixed":"6e7a3e6e1ff493707ab1b98cd684263a944186ac"}]}],"versions":["v20170316","v20170322","v20170323","v20170330","v20170516","v20170723","v20170809","v20170814","v20170826","v20170909","v20171111","v20171113","v20180112","v20180227","v20180401","v20180601","v20180707","v20180909","v20181212","v20190205","v20190401","v20190601","v20200101","v20200102","v20200201","v20200214","v20200501","v20200502","v20200701","v20200801","v20200901","v20200909","v20210101","v20210214","v20210401","v20210601","v20210616","v20210701","v20220401","v20220404","v20220406","v20220501","v20220515","v20220707","v20221010","v20221212","v20230101","v20230122","v20230401","v20230404","v20230404.5.1","v20230601"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33965.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}