Headline
GHSA-hw46-vg6w-88fj: replicator vulnerable to Deserialization of Untrusted Data
A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.
replicator vulnerable to Deserialization of Untrusted Data
Critical severity GitHub Reviewed Published Dec 15, 2022 • Updated Dec 15, 2022
Related news
CVE-2021-33420: Merge pull request #17 from inikulin/sec · inikulin/replicator@2c62624
A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.