Description
A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.
Remediation
References
https://github.com/NanKeXXX/selfVuln_poc/blob/main/whaleal%3Aicefrog/icefrog_1.1.8_RCE.md
https://vuldb.com/?ctiid.231804
https://vuldb.com/?id.231804
Related Vulnerabilities
CVE-2020-28270 Vulnerability in npm package object-hierarchy-access
CVE-2022-27340 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2022-25908 Vulnerability in npm package create-choo-electron
CVE-2018-3737 Vulnerability in npm package sshpk
CVE-2022-31023 Vulnerability in maven package com.typesafe.play:play_2.12