Описание
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| godot | fixed | 3.2-stable-1 | package | |
| godot | no-dsa | buster | package |
Примечания
https://github.com/godotengine/godot/pull/27398
https://github.com/godotengine/godot/commit/e3bd84fa571661d76fc8458d65bb053988e934a6 (3.2-stable)
For 3.0: https://github.com/godotengine/godot/commit/0c4881f1dbfe4feab879b4f0fe031b735ddc1f9f
EPSS
Процентиль: 91%
0.06601
Низкий
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 6 лет назад
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.
CVSS3: 9.8
nvd
больше 6 лет назад
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.
CVSS3: 9.8
github
больше 3 лет назад
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.
EPSS
Процентиль: 91%
0.06601
Низкий