EPSS Percentile: 43.7%
Rundeck is vulnerable to a deserialization attack. An attacker can exploit the vulnerability by uploading a maliciously crafted aclpolicy YAML file to the server, which will deserialize it and run the remote code when a user makes a POST request to it.
github.com/advisories/GHSA-q4rf-3fhx-88pf
github.com/rundeck/rundeck/commit/850d12e21d22833bc148b7f458d7cb5949f829b6
github.com/rundeck/rundeck/security/advisories/GHSA-q4rf-3fhx-88pf