What the vulnerability does
01Description
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.
CVE-2022-1032
HIGH
CVE-2022-1032: Insecure deserialization of not validated module file in crater-invoice/crater
CVSS base score
7.2/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
March 29, 2022
CVE published
August 2, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-30898
CVE-2024-10936 String Locator <= 2.6.6 - Unauthenticated PHP Object Injection
CVE-2023-46227 Apache inlong has an Arbitrary File Read Vulnerability
CVE-2025-31919 WordPress Spare <= 1.7 - PHP Object Injection Vulnerability
CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
