Lucene search

[email protected]NVD:CVE-2021-33420

HistoryDec 15, 2022 - 7:15 p.m.

CVE-2021-33420

2022-12-1519:15:15

CWE-502

[email protected]

web.nvd.nist.gov

deserialization

inikulin replicator

remote code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

83.2%

JSON

A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.

Affected configurations

Nvd

Node

replicator_projectreplicatorRange<1.0.4

VendorProductVersionCPE
replicator_projectreplicator*cpe:2.3:a:replicator_project:replicator:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
replicator_project	replicator	*	cpe:2.3:a:replicator_project:replicator::::::::

References

advisory.checkmarx.net/advisory/CX-2021-4787

github.com/inikulin/replicator/commit/2c626242fb4a118855262c64b5731b2ce98e521b

github.com/inikulin/replicator/issues/16

github.com/inikulin/replicator/pull/17

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

83.2%

JSON

Related for NVD:CVE-2021-33420

osv2 cve1 veracode1 cvelist1 github1 prion1