Skip to content

Commit 30972e8

Browse files
Add vpatch-CVE-2023-47248 rule
1 parent e452ba7 commit 30972e8

1 file changed

Lines changed: 33 additions & 0 deletions

File tree

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
## autogenerated on 2026-07-01 13:09:22
2+
name: crowdsecurity/vpatch-CVE-2023-47248
3+
description: 'Detects PyArrow Flight RPC RCE via crafted extension type in DoPut endpoint.'
4+
rules:
5+
- and:
6+
- zones:
7+
- URI
8+
transform:
9+
- lowercase
10+
match:
11+
type: contains
12+
value: /arrow.flight.protocol.flightservice/doput
13+
- zones:
14+
- HEADERS
15+
variables:
16+
- content-type
17+
transform:
18+
- lowercase
19+
match:
20+
type: contains
21+
value: application/grpc
22+
23+
labels:
24+
type: exploit
25+
service: http
26+
confidence: 3
27+
spoofable: 0
28+
behavior: 'http:exploit'
29+
label: 'PyArrow - RCE'
30+
classification:
31+
- cve.CVE-2023-47248
32+
- attack.T1190
33+
- cwe.CWE-502

0 commit comments

Comments
 (0)