PT-2018-9548 · Megamek · Megamek
Prodigysml
·
Published
2018-12-20
·
Updated
2019-02-01
·
CVE-2018-1000824
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MegaMek versions prior to 0.45.1
Description
The issue in MegaMek can result in disclosure of confidential data, denial of service, SSRF, and remote code execution due to a vulnerability in the Object Stream Connection.
Recommendations
For versions prior to 0.45.1, update to version 0.45.1 or later to resolve the issue.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Megamek