In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.
References
Configurations
History
07 Nov 2023, 03:35
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
29 Sep 2021, 16:57
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-502 | |
CPE | cpe:2.3:a:octopus:halibut:*:*:*:*:*:*:*:* | |
References | (MISC) https://advisories.octopus.com/adv/2021-08---Remote-Code-Execution-via-Deserialisation-in-the-Halibut-Protocol-(CVE-2021-31819).2250309681.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
22 Sep 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-09-22 02:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-31819
Mitre link : CVE-2021-31819
CVE.ORG link : CVE-2021-31819
JSON object : View
Products Affected
octopus
- halibut
CWE
CWE-502
Deserialization of Untrusted Data