We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent e452ba7 commit 30972e8Copy full SHA for 30972e8
1 file changed
appsec-rules/crowdsecurity/vpatch-CVE-2023-47248.yaml
@@ -0,0 +1,33 @@
1
+## autogenerated on 2026-07-01 13:09:22
2
+name: crowdsecurity/vpatch-CVE-2023-47248
3
+description: 'Detects PyArrow Flight RPC RCE via crafted extension type in DoPut endpoint.'
4
+rules:
5
+ - and:
6
+ - zones:
7
+ - URI
8
+ transform:
9
+ - lowercase
10
+ match:
11
+ type: contains
12
+ value: /arrow.flight.protocol.flightservice/doput
13
14
+ - HEADERS
15
+ variables:
16
+ - content-type
17
18
19
20
21
+ value: application/grpc
22
+
23
+labels:
24
+ type: exploit
25
+ service: http
26
+ confidence: 3
27
+ spoofable: 0
28
+ behavior: 'http:exploit'
29
+ label: 'PyArrow - RCE'
30
+ classification:
31
+ - cve.CVE-2023-47248
32
+ - attack.T1190
33
+ - cwe.CWE-502
0 commit comments