A Remote Code Injection vulnerability exists in CERT...
High severity
Unreviewed
Published
Oct 26, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Oct 26, 2022
Published to the GitHub Advisory Database
Oct 26, 2022
Last updated
Jan 30, 2023
A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed.
References