Описание
Azure Core shared client library for Python Remote Code Execution Vulnerability
Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.
FAQ
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
According to the CVSS metric, privileges required is low (PR:L) but the attack occurs remotely. What does that mean for this vulnerability?
To exploit this vulnerability, an attacker would be required change a valid token to be malicious to the service/app which would require developer-type authorization.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure Core shared client library for Python |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7.5 High
CVSS3
Связанные уязвимости
Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.
Azure Core is vulnerable to deserialization of untrusted data
Уязвимость клиентской библиотеки Azure Core для Python, связанная с недостатками механизма десериализации, позволяющая нарушителю выполнить произвольный код
EPSS
7.5 High
CVSS3