On the 26th of July 2022, the GitHub Security Lab reported to Airbnb a remote code execution (RCE) vulnerability in Optica that allowed unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads.
A patched version of Optica was released on the 28th of July 2022.
Impact
Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica.
Patches
The vulnerability was patched in v. 0.10.2, where the call to the function oj.load was changed to oj.safe_load.
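The difference between a permissive and a strict JSON load, as an added example that is not code from Optica or from this advisory. It uses the `create_additions` option of Ruby's standard `json` library as a stand-in for Oj's permissive load, so it runs without the oj gem; `AuditHook`, `permissive_load`, `strict_load`, `plain_data?` and the sample input are hypothetical and constructed for illustration.

```ruby
require 'json'

# Hypothetical class standing in for any class already loaded in the service.
class AuditHook
  @created = []
  class << self
    attr_reader :created

    # Hook the json library calls when additions are enabled.
    def json_create(obj)
      @created << obj['target']
      new
    end
  end
end

# Constructed sample input: the document itself names the class to build.
UNTRUSTED = '{"json_class":"AuditHook","target":"chosen-by-sender"}'

# Permissive load: the parser instantiates the class the input names.
def permissive_load(text)
  JSON.parse(text, create_additions: true)
end

# Strict load: only Hash, Array, String, Numeric, true, false, nil come back.
def strict_load(text)
  JSON.parse(text, create_additions: false)
end

# Post-parse check: true only when the value is plain JSON data all the way down.
def plain_data?(value)
  case value
  when Hash then value.all? { |k, v| k.is_a?(String) && plain_data?(v) }
  when Array then value.all? { |v| plain_data?(v) }
  when String, Numeric, true, false, nil then true
  else false
  end
end

strict = strict_load(UNTRUSTED)
puts "strict:     #{strict.class}, hook calls: #{AuditHook.created.size}"
loose = permissive_load(UNTRUSTED)
puts "permissive: #{loose.class}, hook calls: #{AuditHook.created.size}"
puts "plain data? strict=#{plain_data?(strict)} permissive=#{plain_data?(loose)}"
```

With the strict load the class name in the input stays an ordinary string and no application code runs during parsing, which is the property the patched call relies on.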
Workarounds
None. It is recommended that users upgrade to the newest version.
References
For more information
If you have any questions or comments about this advisory: