Description

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.

Remediation

References

https://github.com/NanKeXXX/selfVuln_poc/blob/main/whaleal%3Aicefrog/icefrog_1.1.8_RCE.md

https://vuldb.com/?ctiid.231804

https://vuldb.com/?id.231804

Related Vulnerabilities

CVE-2021-23399 Vulnerability in npm package wincred

CVE-2021-44684 Vulnerability in npm package github-todos

CVE-2018-1000068 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2012-0394 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2022-24999 Vulnerability in maven package org.webjars:qs

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Exploit Permissions Required Third Party Advisory VDB Entry NVD-CWE-noinfo