CVE-2021-33420

Опубликовано: 15 дек. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.

Ссылки

https://advisory.checkmarx.net/advisory/CX-2021-4787
Exploit
Third Party Advisory
https://github.com/inikulin/replicator/commit/2c626242fb4a118855262c64b5731b2ce98e521b
Patch
Third Party Advisory
https://github.com/inikulin/replicator/issues/16
Third Party Advisory
https://github.com/inikulin/replicator/pull/17
Third Party Advisory
https://advisory.checkmarx.net/advisory/CX-2021-4787
Exploit
Third Party Advisory
https://github.com/inikulin/replicator/commit/2c626242fb4a118855262c64b5731b2ce98e521b
Patch
Third Party Advisory
https://github.com/inikulin/replicator/issues/16
Third Party Advisory
https://github.com/inikulin/replicator/pull/17
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:replicator_project:replicator:*:*:*:*:*:*:*:*

Версия до 1.0.4 (исключая)

EPSS

Процентиль: 84%

0.02202

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-hw46-vg6w-88fj