Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2017-18365
HistoryMar 28, 2019 - 5:23 a.m.

CVE-2017-18365

2019-03-2805:23:18
mitre
www.cve.org

9.9 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.2%

JSON

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product’s source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects.

Related

nvd 1
openvas 1
cve 1
prion 1
nvd
nvd
CVE-2017-18365
2019-03-28 06:29:00
openvas
openvas
GitHub Enterprise 2.8.x < 2.8.7 Management Console RCE Vulnerability - Active Check
2017-03-17 00:00:00
cve
cve
CVE-2017-18365
2019-03-28 06:29:00
prion
prion
Deserialization of untrusted data
2019-03-28 06:29:00

9.9 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.2%

JSON
Related for CVELIST:CVE-2017-18365
nvd1openvas1cve1prion1