Lucene search

[email protected]CVE-2021-33420

HistoryDec 15, 2022 - 7:15 p.m.

CVE-2021-33420

2022-12-1519:15:15

CWE-502

[email protected]

web.nvd.nist.gov

cve-2021-33420

deserialization issue

inikulin replicator

remote code execution

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.

Affected configurations

NVD

Node

replicator_projectreplicatorRange<1.0.4

CPENameOperatorVersion
replicator_project:replicatorreplicator project replicatorlt1.0.4

CPE	Name	Operator	Version
replicator_project:replicator	replicator project replicator	lt	1.0.4

References

advisory.checkmarx.net/advisory/CX-2021-4787

github.com/inikulin/replicator/commit/2c626242fb4a118855262c64b5731b2ce98e521b

github.com/inikulin/replicator/issues/16

github.com/inikulin/replicator/pull/17

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for CVE-2021-33420

osv2 prion1 nvd1 cvelist1 veracode1 github1