Vulnerability Information
Vulnerability Title
GHSL-2023-136_Samson
Vulnerability Description
Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into the Kubernetes::Util.parse_file method where it is unsafely deserialized using the YAML.load_stream method. This issue may lead to Remote Code Execution (RCE). This vulnerability is fixed in 3385.
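The `YAML.load_stream` behaviour described above, next to one restricted alternative. This is an added example, not Samson's code or its actual fix: `Marker`, `ROLE_YAML`, `unsafe_parse` and `safe_parse` are hypothetical names, and the sample role file is constructed.

```ruby
require "yaml"

# Constructed stand-in for any class loaded in the application; it only
# records that the YAML parser instantiated it and set its instance variables.
class Marker
  attr_reader :note
end

# Constructed two-document "role file": the second document carries a Ruby object tag.
ROLE_YAML = <<~YAML
  ---
  kind: Deployment
  metadata:
    name: app
  --- !ruby/object:Marker
  note: built by the parser
YAML

# Pattern from the advisory: each document in the stream is converted with the
# unrestricted class loader, so tagged nodes become live Ruby objects.
def unsafe_parse(content)
  YAML.load_stream(content)
end

# Hardened variant (assumption, one possible mitigation): parse the stream to an
# AST, then convert each document with the restricted loader Psych.safe_load uses.
def safe_parse(content, permitted_classes: [])
  loader = Psych::ClassLoader::Restricted.new(permitted_classes.map(&:to_s), [])
  scanner = Psych::ScalarScanner.new(loader)
  Psych.parse_stream(content).children.map do |doc|
    Psych::Visitors::NoAliasRuby.new(scanner, loader).accept(doc)
  end
end

# Returns [class revived by the unsafe path, whether the safe path rejected the tag].
def demo
  revived = unsafe_parse(ROLE_YAML).last.class
  rejected = begin
    safe_parse(ROLE_YAML)
    false
  rescue Psych::DisallowedClass
    true
  end
  [revived, rejected]
end

p demo if $PROGRAM_NAME == __FILE__
```

The restricted path still parses multi-document streams of plain maps, lists and scalars, which is all a Kubernetes role file needs; any class that must be revived has to be passed explicitly in `permitted_classes`.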
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Deserialization of Untrusted Data
Vulnerability Title
Samson Security Vulnerability
Vulnerability Description
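Samson is an open-source web interface for deployments, developed by Zendesk. Versions of Samson prior to v3385 contain a security vulnerability caused by unsafe deserialization, which may lead to remote code execution (RCE).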
CVSS Information
N/A
Vulnerability Type
N/A