GHSA-rx62-5cw6-x29q

Suggest an improvement
Source
https://github.com/advisories/GHSA-rx62-5cw6-x29q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-rx62-5cw6-x29q/GHSA-rx62-5cw6-x29q.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-rx62-5cw6-x29q
Aliases
  • CVE-2023-3308
Published
2023-06-18T09:30:17Z
Modified
2024-03-01T14:47:10.755017Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
Whaleal IceFrog is vulnerable to deserialization
Details

Whaleal IceFrog v1.1.8 component Aviator Template Engine is vulnerable to deserialization of untrusted data. The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Database specific
{
    "nvd_published_at": "2023-06-18T09:15:09Z",
    "cwe_ids": [
        "CWE-502"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-19T22:46:24Z"
}
References

Affected packages

Maven / com.whaleal.icefrog:icefrog-all

Package

Name
com.whaleal.icefrog:icefrog-all
View open source insights on deps.dev
Purl
pkg:maven/com.whaleal.icefrog/icefrog-all

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.1.8

Affected versions

1.*

1.0.0
1.0.1
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8