GHSA-hpf7-4c2g-9chf

Suggest an improvement
Source
https://github.com/advisories/GHSA-hpf7-4c2g-9chf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-hpf7-4c2g-9chf/GHSA-hpf7-4c2g-9chf.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-hpf7-4c2g-9chf
Aliases
Published
2021-09-23T23:17:07Z
Modified
2023-11-01T04:55:21.579800Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Remote Code Execution in Halibut
Details

In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.

Database specific
{
    "nvd_published_at": "2021-09-22T02:15:00Z",
    "github_reviewed_at": "2021-09-23T17:18:19Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-502"
    ]
}
References

Affected packages

NuGet / Halibut

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.7

Affected versions

1.*

1.0.1.3
1.0.1.4
1.0.1.7
1.0.1.8
1.0.1.9
1.0.1.10
1.0.1.11
1.0.1.12
1.0.1.13
1.0.1.14
1.0.1.15
1.0.1.16
1.0.1.17
1.0.1.18
1.0.2.19
1.0.2.20
1.0.2.21
1.0.2.22
1.0.2.23
1.0.2.24
1.0.2.25
1.0.2.26
1.0.2.27
1.0.2.28
1.0.2.29
1.0.2.30
1.0.2.31
1.0.2.32
1.0.2.33
1.0.2.34
1.0.2.35
1.0.2.36
1.0.2.37
1.0.2.38
1.0.2.39
1.0.2.40

2.*

2.0.1.41
2.0.1.42
2.0.1.43
2.0.1.44
2.0.1.45
2.0.1.46
2.0.1.47
2.0.2.48
2.1.0.49
2.1.0.52
2.2.0.53
2.2.0.54
2.2.0.55
2.2.2
2.2.3
2.3.0
2.4.0
2.4.1
2.4.2-bug-proxyselect-0001
2.4.2
2.4.3
2.4.9
2.4.10
2.4.11
2.4.15
2.4.18
2.5.0

3.*

3.0.4

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.1.0
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.7
4.2.8
4.2.9
4.2.11
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.12
4.3.13
4.3.14
4.3.15
4.3.16
4.3.17
4.3.18
4.3.19
4.3.21
4.3.22
4.3.23
4.3.24
4.3.25
4.3.26
4.3.27
4.3.28
4.3.29
4.3.31
4.3.32
4.3.33
4.3.34
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6