Description

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.

Remediation

References

https://github.com/NanKeXXX/selfVuln_poc/blob/main/whaleal%3Aicefrog/icefrog_1.1.8_RCE.md

https://vuldb.com/?ctiid.231804

https://vuldb.com/?id.231804

Related Vulnerabilities

CVE-2018-16330 Vulnerability in npm package editor.md

CVE-2021-25949 Vulnerability in npm package set-getter

CVE-2020-7746 Vulnerability in maven package org.webjars.bower:chart.js

CVE-2022-22984 Vulnerability in npm package snyk

CVE-2020-11022 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Broken Link Exploit Permissions Required Third Party Advisory VDB Entry NVD-CWE-noinfo