Vulnerability Details CVE-2021-33420
A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 84.0%
CVSS Severity
CVSS v3 Score 9.8
References
- https://advisory.checkmarx.net/advisory/CX-2021-4787
- https://github.com/inikulin/replicator/commit/2c626242fb4a118855262c64b5731b2ce98e521b
- https://github.com/inikulin/replicator/issues/16
- https://github.com/inikulin/replicator/pull/17
- https://advisory.checkmarx.net/advisory/CX-2021-4787
- https://github.com/inikulin/replicator/commit/2c626242fb4a118855262c64b5731b2ce98e521b
- https://github.com/inikulin/replicator/issues/16
- https://github.com/inikulin/replicator/pull/17
Products affected by CVE-2021-33420
-
cpe:2.3:a:replicator_project:replicator:*