JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Artifactory | Jfrog | 6.0.0 (including) | 6.23.41 (excluding) |
Artifactory | Jfrog | 7.0.0 (including) | 7.17.16 (excluding) |
Artifactory | Jfrog | 7.18.0 (including) | 7.18.12 (excluding) |
Artifactory | Jfrog | 7.19.0 (including) | 7.19.13 (excluding) |
Artifactory | Jfrog | 7.21.0 (including) | 7.21.25 (excluding) |
Artifactory | Jfrog | 7.25.0 (including) | 7.25.9 (excluding) |
Artifactory | Jfrog | 7.27.0 (including) | 7.27.15 (excluding) |
Artifactory | Jfrog | 7.29.0 (including) | 7.29.10 (excluding) |
Artifactory | Jfrog | 7.31.0 (including) | 7.31.16 (excluding) |
Artifactory | Jfrog | 7.33.0 (including) | 7.33.12 (excluding) |
Artifactory | Jfrog | 7.34.0 (including) | 7.34.4 (excluding) |
Artifactory | Jfrog | 7.35.0 (including) | 7.35.0 (including) |
Artifactory | Jfrog | 7.36.0 (including) | 7.36.0 (including) |