A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a userβs profile. This can lead to code execution on the server when the userβs profile is accessed.
[
{
"versions": [
{
"version": "1.48.0",
"status": "affected",
"lessThan": "1.50.5",
"versionType": "custom"
}
],
"product": "VINCE - The Vulnerability Information and Coordination Environment",
"vendor": "CERT/CC"
}
]