PT-2022-26108 · Opticam · Optica
Ohler55
Published 2022-11-23 · Updated 2022-11-30
CVE-2022-41875
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Optica versions prior to 0.10.2
Description
Optica allows unauthenticated remote attackers to execute arbitrary code on the host running Optica by sending specially crafted JSON payloads that are deserialized unsafely.
Recommendations
For versions prior to 0.10.2, update to version 0.10.2 or later, where the call to `Oj.load` was replaced with `Oj.safe_load` to resolve the issue.
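The fix above is to deserialize with `Oj.safe_load`, which returns plain Ruby hashes, arrays and scalars instead of instantiating classes named in the document. As an added example that is not Optica's or Oj's own code, the stdlib-only check below complements that fix for request validation or log review: it flags payloads carrying Oj object-mode type markers, assuming Oj's documented convention that keys beginning with "^" (such as "^o" for an object and "^c" for a class) carry type information rather than data. The sample payloads and the class name are constructed.

```ruby
# Added example, not code from Optica or Oj. Assumes Oj's object-mode
# convention: hash keys starting with "^" (e.g. "^o", "^c") are type
# markers, which a service expecting plain data should never receive.
require 'json'

OJ_MARKER_KEY = /\A\^/.freeze

# Recursively collect every Oj object-mode marker key in a parsed document.
def oj_marker_keys(node, found = [])
  case node
  when Hash
    node.each do |key, value|
      found << key if key.is_a?(String) && key.match?(OJ_MARKER_KEY)
      oj_marker_keys(value, found)
    end
  when Array
    node.each { |element| oj_marker_keys(element, found) }
  end
  found
end

# :ok for plain data, :reject when type markers are present,
# :malformed when the text is not valid JSON at all.
def classify_payload(json_text)
  data = JSON.parse(json_text)
  oj_marker_keys(data).empty? ? :ok : :reject
rescue JSON::ParserError
  :malformed
end

# Constructed sample inputs: plain inventory data, and a document that
# names a class through the "^o" marker (placeholder class name).
PLAIN_PAYLOAD  = '{"service":"optica","nodes":[{"hostname":"web-1","roles":["app"]}]}'
MARKED_PAYLOAD = '{"nodes":[{"^o":"SomeClass","attr":"value"}]}'

if __FILE__ == $PROGRAM_NAME
  puts "plain:  #{classify_payload(PLAIN_PAYLOAD)}"   # ok
  puts "marked: #{classify_payload(MARKED_PAYLOAD)}"  # reject
  puts "broken: #{classify_payload('{not json')}"     # malformed
end
```

A rejected payload is worth logging with its source address, since a legitimate client of a service that consumes plain data has no reason to send type markers.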
References: Exploit · Fix
Weakness Enumeration
Deserialization of Untrusted Data
Related Identifiers
CVE-2022-41875
Affected Products
Optica