Description

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.

Remediation

References

https://github.com/NanKeXXX/selfVuln_poc/blob/main/whaleal%3Aicefrog/icefrog_1.1.8_RCE.md

https://vuldb.com/?ctiid.231804

https://vuldb.com/?id.231804

Related Vulnerabilities

CVE-2020-28270 Vulnerability in npm package object-hierarchy-access

CVE-2022-27340 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2022-25908 Vulnerability in npm package create-choo-electron

CVE-2018-3737 Vulnerability in npm package sshpk

CVE-2022-31023 Vulnerability in maven package com.typesafe.play:play_2.12

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Exploit Permissions Required Third Party Advisory VDB Entry NVD-CWE-noinfo