Описание
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
Ссылки
- Issue TrackingPatch
- Third Party Advisory
- Issue TrackingPatch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.89 (включая)
cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00858
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
EPSS
Процентиль: 75%
0.00858
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-94