A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a users profile. This can lead to code execution on the server when the users profile is accessed.
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vince | Cert | * | 1.50.5 (excluding) |