CVE-2023-0669 – metasploit-framework

Package

Manager: gem
Name: metasploit-framework
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: N/A

EPSS: 0.94378 pctl0.99964

Details

Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework ## Withdrawn This advisory has been withdrawn because it was incorrectly associated with the metasploit-framework package, which is not affected by this CVE, and the actual vulnerable component does not fit within our supported ecosystems. This link is maintained to preserve external references. ## Original Description Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.

Metadata

Created: 2023-02-06T21:30:29Z
Modified: 2025-07-30T11:45:23Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-6pm2-j2v8-h3cj/GHSA-6pm2-j2v8-h3cj.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-6pm2-j2v8-h3cj
Finding: N/A
Auto approve: 0