PT-2023-3609 · Orchid · Orchid

Catferq

Publicado

2023-07-11

Atualizado

2023-07-20

CVE-2023-36825

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Orchid versions 14.0.0-alpha4 through 14.4.x

Description A vulnerability is present in the Orchid package, related to the deserialization of untrusted data from the state query parameter, which can result in remote code execution. The issue allows a remote attacker to execute arbitrary code.

Recommendations For versions 14.0.0-alpha4 through 14.4.x, upgrade the software to version 14.5.0 or any subsequent versions that include the patch to address the issue. As a temporary workaround, consider restricting access to the state query parameter until a patch is applied.

Exploit

Correção

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502

Identificadores relacionados

BDU:2023-03893

CVE-2023-36825

GHSA-PH6G-P72V-PC3P

Produtos afetados

Orchid

PT-2023-3609 · Orchid · Orchid

CVE-2023-36825

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8