Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CircuitVerse potential RCE vulnerability via Oj.load
Vulnerability Description
CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution (RCE) vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Execution (RCE). A patch is available in commit number 7b3023a99499a7675f10f2c1d9effdf10c35fb6e. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
CircuitVerse 代码问题漏洞
Vulnerability Description
CircuitVerse是印度CircuitVerse开源的一个免费的开源平台。允许用户在线构建数字逻辑电路。 CircuitVerse存在代码问题漏洞,该漏洞源于其允许经过身份验证的攻击者通过专门制作的JSON有效载荷执行任意代码导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A