Lucene search

GoogleOSV:GHSA-HW46-VG6W-88FJ

HistoryDec 15, 2022 - 9:30 p.m.

replicator vulnerable to Deserialization of Untrusted Data

2022-12-1521:30:28

Google

osv.dev

replicator

vulnerability

deserialization

inikulin

remote attackers

arbitrary code

typedarray object

software

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

75.6%

JSON

A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.

CPENameOperatorVersion
replicatorlt1.0.4

CPE	Name	Operator	Version
	replicator	lt	1.0.4

References

advisory.checkmarx.net/advisory/CX-2021-4787

github.com/inikulin/replicator

github.com/inikulin/replicator/commit/2c626242fb4a118855262c64b5731b2ce98e521b

github.com/inikulin/replicator/issues/16

github.com/inikulin/replicator/pull/17

nvd.nist.gov/vuln/detail/CVE-2021-33420

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for OSV:GHSA-HW46-VG6W-88FJ