Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
JFrog Artifactory 代码问题漏洞
Vulnerability Description
Jfrog JFrog Artifactory是以色列Jfrog公司的一款开源的通用Artifact存储库管理器,它支持集群和高可用性Docker注册表,并提供端到端的用于跟踪从开发到生产的工件自动化解决方案。 JFrog Artifactory 6.23.41版本至7.36.1之前版本存在安全漏洞,该漏洞源于受到不受信任数据的不安全反序列化的影响。攻击者利用该漏洞发送特制请求导致拒绝服务、权限提升和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A