exploitDog

GHSA-7vq9-qv5h-q335

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.

Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.

Ссылки

EPSS

Процентиль: 78%

0.01137

Низкий

CVE ID

Дефекты

CWE-502

Связанные уязвимости

CVE-2021-36231

CVSS3: 8.8

nvd

больше 4 лет назад

Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.

EPSS

Процентиль: 78%

0.01137

Низкий

CVE ID

Дефекты

CWE-502