CVE-2023-3308: Deserialization of Untrusted Data

June 18, 2023 (updated June 27, 2023)

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.

References

github.com/NanKeXXX/selfVuln_poc/blob/main/whaleal%3Aicefrog/icefrog_1.1.8_RCE.md
github.com/advisories/GHSA-rx62-5cw6-x29q
nvd.nist.gov/vuln/detail/CVE-2023-3308
vuldb.com/?ctiid.231804
vuldb.com/?id.231804

Code Behaviors & Features

Detect and mitigate CVE-2023-3308 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →