GitHub Advisory DatabaseGHSA-VRCF-G539-X6H3Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
77.7%
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| rediswrapper | lt | 0.3.0 |
References
github.com/advisories/GHSA-vrcf-g539-x6h3
github.com/frostming/rediswrapper/commit/748f60bafd857c24f65683426f665350e2c3f91b
github.com/frostming/rediswrapper/compare/v0.2.1...v0.3.0
github.com/frostming/rediswrapper/pull/1
github.com/frostming/rediswrapper/releases/tag/v0.3.0
nvd.nist.gov/vuln/detail/CVE-2019-17206
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.006 Low
EPSS
Percentile
77.7%