Lucene search
HistoryJun 19, 2023 - 1:15 a.m.
CVE-2023-35839
solon
2.3.3
deserialization
untrusted data
cve-2023-35839
nvd
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.3%
A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload.
Affected configurations
Node
solonsolonRange<2.3.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| solon:solon | solon | lt | 2.3.3 |
Related
cvelist
cvelist
CVE-2023-35839
2023-06-19 00:00:00
osv
osv
Solon vulnerable to deserialization of untrusted data
2023-06-19 03:30:18
CVE-2023-35839
2023-06-19 01:15:08
veracode
veracode
Arbitrary Code Execution
2023-06-28 11:21:42
nvd
nvd
CVE-2023-35839
2023-06-19 01:15:08
prion
prion
Design/Logic Flaw
2023-06-19 01:15:00
github
github
Solon vulnerable to deserialization of untrusted data
2023-06-19 03:30:18
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.3%
Related for CVE-2023-35839