PT-2019-11557 · Slanger · Slanger

Published

2019-07-15

Updated

2020-08-24

CVE-2019-1010306

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Slanger version 0.6.0

Description: The issue allows a remote attacker to execute arbitrary commands by sending a crafted request to the server. This is due to a problem in the Message handler & request validator component. The attack vector is remote unauthenticated.

Recommendations: For Slanger version 0.6.0, update to a version after commit 5267b455caeb2e055cccf0d2b6a22727c111f5c3 to resolve the issue. As a temporary workaround, consider restricting access to the Message handler & request validator component until a patch is available.

Exploit

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2019-1010306

GHSA-RG32-M3HF-772V

Affected Products

Slanger

PT-2019-11557 · Slanger · Slanger

CVE-2019-1010306

Weakness Enumeration

Related Identifiers

Affected Products

References · 7