CVE Vulnerability

CVE-2022-36038

CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution (RCE) vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Execution (RCE). A patch is available in commit number 7b3023a99499a7675f10f2c1d9effdf10c35fb6e. There are currently no known workarounds.

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/CircuitVerse/CircuitVerse/commit/7b3023a99499a7675f10f2c1d9effdf10c35fb6e Patch Third Party Advisory
https://github.com/CircuitVerse/CircuitVerse/security/advisories/GHSA-8c8q-4h7g-4rp3 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:circuitverse:circuitverse:-:*:*:*:*:*:*:*
Information

Published : 2022-09-06 07:15

Updated : 2022-09-09 07:27

NVD link : CVE-2022-36038

Mitre link : CVE-2022-36038

Products Affected
No products.
CWE
CWE-502

Deserialization of Untrusted Data