PT-2018-16201 · Cryo · Cryo

Greendog · Published 2018-08-17 · Updated 2020-09-18 · CVE-2018-3784

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
cryo version 0.0.6
cryo (all versions)

Description
A code injection issue in cryo allows an attacker to execute arbitrary code due to an insecure implementation of deserialization. This affects all versions of cryo.

Recommendations
For cryo version 0.0.6, at the moment, there is no information about a newer version that contains a fix for this issue. For all versions of cryo, consider using an alternative module until a fix is made available. As a temporary workaround, consider restricting the use of the deserialization function to minimize the risk of exploitation.

Exploit

Fix

Deserialization of Untrusted Data

Code Injection

Weakness Enumeration

Related identifiers

CVE-2018-3784
GHSA-38F5-GHC2-FCMV

Affected products

Cryo