PT-2023-3609 · Orchid · Orchid
Catferq · Published 2023-07-11 · Updated 2023-07-20 · CVE-2023-36825
| CVSS v2.0 | 10.0 (Critical) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Orchid versions 14.0.0-alpha4 through 14.4.x
Description
The Orchid package deserializes untrusted data taken from the state query parameter. A remote attacker who can reach an affected endpoint (no authentication is required according to the vector above) can supply a crafted value for that parameter and execute arbitrary code on the server.
Recommendations
For versions 14.0.0-alpha4 through 14.4.x, upgrade to version 14.5.0 or any later version that includes the fix. If the upgrade cannot be applied immediately, restrict access to the state query parameter as a temporary workaround, for example by rejecting requests that carry it at the application or reverse-proxy layer before they reach the vulnerable code; remove the restriction once the patched version is deployed.
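The following is an added illustration of the weakness class described above, not code from Orchid or from the advisory; the page does not show Orchid's actual state handling. It assumes the mechanism behind a "deserialization of untrusted data" finding in a PHP package is unserialize() applied to the decoded query parameter, and it uses a hypothetical class (TempFileCleaner), hypothetical function names and a constructed payload to show why that is code execution. The hardened variant shows the gate the recommendations call for: only state the server itself signed is accepted, and the format is JSON so no application class can be instantiated.

```php
<?php
// Added illustration (not Orchid's code): why unserialize() on a query
// parameter is remote code execution, and a hardened replacement.
// Class, function and parameter names other than "state" are hypothetical.
declare(strict_types=1);

// Hypothetical application class. Any loadable class with a magic method
// such as __destruct or __wakeup is a candidate gadget for unserialize().
final class TempFileCleaner
{
    public function __construct(public string $path) {}

    public function __destruct()
    {
        // Runs when the object is released, including objects that
        // unserialize() built from attacker-supplied bytes.
        if (is_file($this->path)) {
            unlink($this->path);
        }
    }
}

// VULNERABLE: trusts whatever arrives in ?state=
function restoreStateVulnerable(string $stateParam): mixed
{
    $raw = base64_decode($stateParam, true);
    return $raw === false ? null : unserialize($raw); // attacker picks the classes
}

// HARDENED: the server only accepts state that it issued itself.
// $secret is a server-side key the client never sees (assumed to exist).
function issueState(array $state, string $secret): string
{
    $payload = base64_encode(json_encode($state, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

function restoreStateHardened(string $stateParam, string $secret): ?array
{
    $parts = explode('.', $stateParam, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Constant-time comparison; reject anything the server did not sign.
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    if ($json === false) {
        return null;
    }
    // json_decode() cannot instantiate application classes, so no gadget runs.
    $state = json_decode($json, true, 32, JSON_THROW_ON_ERROR);
    return is_array($state) ? $state : null;
}

// Demonstration on constructed input: php deserialization_demo.php
$secret = 'example-secret-for-the-demo-only';
$victim = tempnam(sys_get_temp_dir(), 'state-demo');

// The attacker never needs the server to serialize TempFileCleaner; the class
// only has to exist. This is the payload they would send in ?state=
$forged = base64_encode(sprintf(
    'O:%d:"TempFileCleaner":1:{s:4:"path";s:%d:"%s";}',
    strlen('TempFileCleaner'),
    strlen($victim),
    $victim
));

restoreStateVulnerable($forged); // object built, then released: __destruct fires
printf("vulnerable path: file still exists? %s\n", var_export(file_exists($victim), true));

$token = issueState(['sort' => 'name', 'page' => 2], $secret);
$tampered = substr($token, 0, -1) . (substr($token, -1) === '0' ? '1' : '0');

printf("hardened path, forged input:   %s\n", var_export(restoreStateHardened($forged, $secret), true));
printf("hardened path, tampered token: %s\n", var_export(restoreStateHardened($tampered, $secret), true));
printf("hardened path, genuine token:  %s\n", json_encode(restoreStateHardened($token, $secret)));
```

Two caveats when applying this pattern. The destructor in the demo is deliberately mild; in a real application the attacker chooses from every class the autoloader can reach, including vendor code, so the only safe assumption is that any object graph of their choosing will run. If unserialize() cannot be removed at once, calling it as unserialize($raw, ['allowed_classes' => false]) stops objects from being instantiated (they become __PHP_Incomplete_Class), which is useful defence in depth but is not the fix; signing the value, or switching to a format such as JSON that cannot name classes, is.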
Weakness Enumeration
CWE-502: Deserialization of Untrusted Data
Related Identifiers
CVE-2023-36825
Affected Products
Orchid