3 matches found
CVE-2023-45672
creationtimestamp| type| source ---|---|--- 2023-10-31 01:20:23+00:00| seen| https://t.me/cibsecurity/73191 2024-01-03 19:20:03+00:00| seen| https://t.me/arpsyndicate/2346...
CVE-2023-45672
Frigate (open source NVR) contains an unsafe deserialization vulnerability in the configuration save path. The issue arises from loading user input via http.py into load_config_with_no_duplicates using yaml.loader.Loader, which can instantiate custom constructors and execute a payload at frigate/...
CVE-2023-45672 Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py`
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at /confi...