A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed.
References
Link | Resource |
---|---|
https://github.com/CERTCC/VINCE/issues?q=label%3Asecurity | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2022-10-26T15:15:45.247Z
Updated: 2022-11-01T21:36:54.112Z
Reserved: 2022-09-08T19:14:18.690Z
Link: CVE-2022-40238
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-10-26T16:15:11.757
Modified: 2022-10-28T17:41:06.283
Link: CVE-2022-40238
JSON object: View
Redhat Information
No data.
CWE