A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload.
References
Link | Resource |
---|---|
https://github.com/noear/solon/compare/v2.3.2...v2.3.3 | Release Notes |
https://github.com/noear/solon/issues/145 | Exploit Issue Tracking |
Configurations
History
07 Mar 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload. |
26 Jun 2023, 17:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:solon:solon:*:*:*:*:*:*:*:* | |
CWE | CWE-502 | |
First Time |
Solon
Solon solon |
|
References | (MISC) https://github.com/noear/solon/compare/v2.3.2...v2.3.3 - Release Notes | |
References | (MISC) https://github.com/noear/solon/issues/145 - Exploit, Issue Tracking | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
19 Jun 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-19 01:15
Updated : 2024-03-07 20:15
NVD link : CVE-2023-35839
Mitre link : CVE-2023-35839
CVE.ORG link : CVE-2023-35839
JSON object : View
Products Affected
solon
- solon
CWE
CWE-502
Deserialization of Untrusted Data