horilla create_skills deserialization

A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

可信数据的反序列化

Horilla 代码问题漏洞

Horilla是Horilla公司的一款免费的开源人力资源软件。 Horilla 1.2.1及之前版本存在代码问题漏洞，该漏洞源于存在反序列化漏洞。

N/A

N/A