Lucene search
GoogleOSV:GHSA-5V4M-C73V-C7GQHistoryApr 12, 2022 - 9:23 p.m.
Arbitrary Code Execution in Cookie Serialization
2022-04-1221:23:43
Google
osv.dev
6
arbitrary code execution
cookie serialization
plug session
code execution
secret key
encryption salts
vulnerability
security software
EPSS
0.003
Percentile
65.5%
The default serialization used by Plug session may result in code execution
in certain situations. Keep in mind, however, the session cookie is signed
and this attack can only be exploited if the attacker has access to your
secret key as well as your signing/encryption salts. We recommend users to
change their secret key base and salts if they suspect they have been leaked,
regardless of this vulnerability.
Related
prion
prion
Deserialization of untrusted data
2017-07-17 13:18:00
github
github
Arbitrary Code Execution in Cookie Serialization
2022-04-12 21:23:43
osv
osv
CVE-2017-1000053
2017-07-17 13:18:17
cve
cve
CVE-2017-1000053
2017-07-17 13:18:17
nvd
nvd
CVE-2017-1000053
2017-07-17 13:18:17
cvelist
cvelist
CVE-2017-1000053
2017-07-13 20:00:00