Description
A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.
Remediation
References
https://github.com/NanKeXXX/selfVuln_poc/blob/main/whaleal%3Aicefrog/icefrog_1.1.8_RCE.md
https://vuldb.com/?ctiid.231804
https://vuldb.com/?id.231804
Related Vulnerabilities
CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-webapp
CVE-2023-34462 Vulnerability in maven package io.netty:netty-handler
CVE-2023-37962 Vulnerability in maven package io.jenkins.plugins:benchmark-evaluator
CVE-2021-23337 Vulnerability in maven package org.webjars.bower:lodash
CVE-2020-12265 Vulnerability in maven package org.webjars:decompress-tar