CHT Security Red Team Discovered Vulnerability in a Well-Known Control Library
[CVE-2021-36483] – Insecure Deserialization
1. Insecure Deserialization
By default, the Reporting control library contains a vulnerable deserialization function.
When the server or client side calls the vulnerable function, an attacker can craft a malicious REPX file to trigger insecure deserialization, resulting in arbitrary code execution. This vulnerability is classified under A8 - Insecure Deserialization in the OWASP Top 10 2017.
Known Affected Software
- Versions 21.1 and prior
TsungShu Chiu (CHT Security)