CVE-2023-3308 com.whaleal.icefrog:icefrog-all

Package

Manager: maven
Name: com.whaleal.icefrog:icefrog-all
Vulnerable Version: >=0 <=1.1.8

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00096 (percentile: 0.27516)

Details

Whaleal IceFrog is vulnerable to deserialization

The Aviator Template Engine component of Whaleal IceFrog v1.1.8 is vulnerable to deserialization of untrusted data. The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Metadata

Created: 2023-06-18T09:30:17Z
Modified: 2024-03-01T14:33:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-rx62-5cw6-x29q/GHSA-rx62-5cw6-x29q.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-rx62-5cw6-x29q
Finding: F096
Auto approve: 1