Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet o...
7.5CVSS
7.4AI Score
0.003EPSS
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.
9.8CVSS
9.8AI Score
0.043EPSS