CVE-2024-53305: Whoogle allows attackers to execute arbitrary code via supplying a crafted search query

April 16, 2025

An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.

References

fern89.github.io/posts/whoogle-rce
gist.github.com/fern89/ca5fe76ad81b4bc363e7341e523a1651
github.com/advisories/GHSA-2689-cw26-6cpj
github.com/benbusby/whoogle-search
github.com/benbusby/whoogle-search/commit/223f00c3c0533423114f99b30c561278bc0b42ba
nvd.nist.gov/vuln/detail/CVE-2024-53305

Code Behaviors & Features

Detect and mitigate CVE-2024-53305 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →