Headline
GHSA-rx62-5cw6-x29q: Whaleal IceFrog is vulnerable to deserialization
Whaleal IceFrog v1.1.8 component Aviator Template Engine is vulnerable to deserialization of untrusted data. The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
Whaleal IceFrog is vulnerable to deserialization
Moderate severity GitHub Reviewed Published Jun 18, 2023 to the GitHub Advisory Database • Updated Jun 19, 2023
Related news
CVE-2023-3308
A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.