PT-2021-19821 · Emissary · Emissary

Pwntester

Published

2021-05-21

Updated

2021-05-28

CVE-2021-32634

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Emissary version 6.4.0

Description Emissary is a distributed, peer-to-peer, data-driven workflow framework. The issue is related to Unsafe Deserialization of post-authenticated requests to the "WorkSpaceClientEnqueue.action" REST endpoint, which may lead to post-auth Remote Code Execution.

Recommendations For Emissary version 6.4.0, update to version 6.5.0 to resolve the issue. As a temporary workaround, consider disabling network access to Emissary from untrusted sources.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2021-32634

GHSA-M5QF-GFMP-7638

Affected Products

Emissary

PT-2021-19821 · Emissary · Emissary

CVE-2021-32634

Weakness Enumeration

Related Identifiers

Affected Products

References · 6