Description
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization.
Remediation
References
https://hackerone.com/reports/350418
Related Vulnerabilities
CVE-2021-29369 Vulnerability in npm package gnuplot
CVE-2021-38384 Vulnerability in npm package serverless-offline
CVE-2022-36437 Vulnerability in maven package com.hazelcast.jet:hazelcast-jet-enterprise
CVE-2020-7691 Vulnerability in maven package org.webjars.npm:jspdf
CVE-2020-9497 Vulnerability in maven package org.apache.guacamole:guacamole