A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2022-10-26T15:15:45.247Z

Updated: 2024-08-03T12:14:39.960Z

Reserved: 2022-09-08T19:14:18.690Z

Link: CVE-2022-40238

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-10-26T16:15:11.757

Modified: 2024-11-21T07:21:07.830

Link: CVE-2022-40238

cve-icon Redhat

No data.