PT-2022-10218 · Unknown · Mashzone Nextgen
Marcos Díaz
·
Published
2022-04-05
·
Updated
2022-04-13
·
CVE-2021-33207
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MashZone NextGen versions through 10.7 GA
Description
The issue concerns the HTTP client in MashZone NextGen, which deserializes untrusted data when it receives an HTTP response with a specific status code, 570.
Recommendations
For MashZone NextGen versions through 10.7 GA, update to a version that includes a fix for this issue to prevent the deserialization of untrusted data.
Exploit
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mashzone Nextgen