Описание
Whaleal IceFrog is vulnerable to deserialization
Whaleal IceFrog v1.1.8 component Aviator Template Engine is vulnerable to deserialization of untrusted data. The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
Пакеты
Наименование
com.whaleal.icefrog:icefrog-all
maven
Затронутые версииВерсия исправления
<= 1.1.8
Отсутствует
Связанные уязвимости
CVSS3: 5.5
nvd
больше 2 лет назад
A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.