2021-08-19 12:44
CHT Security Red Team Discovered Vulnerability in a Well-Known Control Library
Summary
Vulnerability List
[CVE-2021-36483] – Insecure Deserialization
Details
1. Insecure Deserialization
Description
The Reporting control library ships with a vulnerable deserialization function that is enabled by default.
Impact
When the server or client side calls the vulnerable function, an attacker can craft a malicious REPX file that triggers insecure deserialization, resulting in arbitrary code execution. This vulnerability is classified as A8 - Insecure Deserialization in the OWASP Top 10 2017.
Known Affected Software
- Versions 21.1 and prior
Credits
TsungShu Chiu (CHT Security)