Lucene search

GitHub Advisory DatabaseGHSA-6PQX-V9G4-5HC8

HistoryDec 02, 2023 - 12:31 a.m.

Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request

2023-12-0200:31:05

CWE-94

CWE-502

GitHub Advisory Database

github.com

jupiter

vulnerability

deserialization

arbitrary commands

rpc request

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.0%

JSON

A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request.

Affected configurations

Vulners

Node

xxl-rpc_projectxxl-rpcRange≤1.3.1

CPENameOperatorVersion
org.jupiter-rpc:jupiter-rpcle1.3.1

CPE	Name	Operator	Version
	org.jupiter-rpc:jupiter-rpc	le	1.3.1

References

github.com/advisories/GHSA-6pqx-v9g4-5hc8

github.com/fengjiachun/Jupiter

github.com/fengjiachun/Jupiter/issues/115

github.com/welk1n/JNDI-Injection-Exploit/releases/tag/v1.0

nvd.nist.gov/vuln/detail/CVE-2023-48887

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.0%

JSON

Related for GHSA-6PQX-V9G4-5HC8