Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Safety Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Safety 代码问题漏洞
Vulnerability Description
Safety是一款基于Python的用于检查程序安全性的软件包。 Safety Designer 1.11.0及之前版本存在安全漏洞,该漏洞源于使用的.NET框架类中存在反序列化漏洞且未进行正确检查,这使得攻击者可以制作恶意项目文件打开/导入这样的恶意项目文件,在被Safety Designer打开或导入时,将以当前用户的权限执行任意代码。这损害了保密性、完整性和可用性。为了攻击成功,用户必须手动打开一个恶意的项目文件。
CVSS Information
N/A
Vulnerability Type
N/A