Lucene search

GitHub Advisory DatabaseGHSA-HW46-VG6W-88FJ

HistoryDec 15, 2022 - 9:30 p.m.

replicator vulnerable to Deserialization of Untrusted Data

2022-12-1521:30:28

CWE-502

GitHub Advisory Database

github.com

replicator

deserialization issue

arbitrary code

remote attackers

typedarray object

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

75.6%

JSON

A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.

Affected configurations

Vulners

Node

replicator_projectreplicatorRange<1.0.4

CPENameOperatorVersion
replicatorlt1.0.4

CPE	Name	Operator	Version
	replicator	lt	1.0.4

References

advisory.checkmarx.net/advisory/CX-2021-4787

github.com/advisories/GHSA-hw46-vg6w-88fj

github.com/inikulin/replicator/commit/2c626242fb4a118855262c64b5731b2ce98e521b

github.com/inikulin/replicator/issues/16

github.com/inikulin/replicator/pull/17

nvd.nist.gov/vuln/detail/CVE-2021-33420

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for GHSA-HW46-VG6W-88FJ